Software Engineering Institute

Jonathan Spring

Jonathan Spring is an SEI alumni employee.

Jonathan Spring is a senior member of the technical staff with the CERT division of the Software Engineering Institute (SEI) at Carnegie Mellon University. Spring began working at the SEI in 2009. Prior posts include adjunct professor at the University of Pittsburgh’s School of Information Sciences and research fellow for the ICANN’s Security and Stability Advisory Committee (SSAC). At the SEI, Spring’s work focuses on producing reliable evidence for various levels of cybersecurity policies. Spring’s approach to work balances leading by example with reflecting on study design and other philosophical issues. Spring earned a doctoral degree in computer science from University College London.

All

Tech Publications

Blog Posts

Podcasts

Videos

Coordinated Vulnerability Disclosure User Stories

August 25, 2022 • White Paper

By Brad Runyon, Eric Hatleback, Allen D. Householder, Art Manion, Vijay S. Sarvepalli, Timur D. Snoke, Jonathan Spring, Laurie Tyzenhaus, Charles G. Yarbrough

Probably Don’t Rely on EPSS Yet

June 6, 2022 • Blog Post

By Jonathan Spring

Undiscovered Vulnerabilities: Not Just for Critical Software

June 2, 2022 • Podcast

By Jonathan Spring

An Analysis of How Many Undiscovered Vulnerabilities Remain in Information Systems

March 9, 2022 • White Paper

By Jonathan Spring

Bias in AI: Impact, Challenges, and Opportunities

September 30, 2021 • Podcast

By Carol J. Smith, Jonathan Spring

More from Jonathan Spring

Coordinated Vulnerability Disclosure User Stories

August 25, 2022 • White Paper

By Brad Runyon, Eric Hatleback, Allen D. Householder, Art Manion, Vijay S. Sarvepalli, Timur D. Snoke, Jonathan Spring, Laurie Tyzenhaus, Charles G. Yarbrough

An Analysis of How Many Undiscovered Vulnerabilities Remain in Information Systems

March 9, 2022 • White Paper

By Jonathan Spring

A State-Based Model for Multi-Party Coordinated Vulnerability Disclosure (MPCVD)

July 1, 2021 • Special Report

By Allen D. Householder, Jonathan Spring

Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization (Version 2.0)

April 30, 2021 • White Paper

By Jonathan Spring, Allen D. Householder, Eric Hatleback, Art Manion, Madison Oliver, Vijay S. Sarvepalli, Laurie Tyzenhaus, Charles G. Yarbrough

Historical Analysis of Exploit Availability Timelines

August 13, 2020 • White Paper

By Allen D. Householder, Jeff Chrabaszcz (Govini), Trent Novelly, David Warren, Jonathan Spring

More from Jonathan Spring

Probably Don’t Rely on EPSS Yet

June 6, 2022 • Blog Post

By Jonathan Spring

CERT/CC Comments on Standards and Guidelines to Enhance Software Supply Chain Security

June 1, 2021 • Blog Post

By Jonathan Spring

Adversarial ML Threat Matrix: Adversarial Tactics, Techniques, and Common Knowledge of Machine Learning

October 22, 2020 • Blog Post

By Jonathan Spring

Comments on NIST IR 8269: A Taxonomy and Terminology of Adversarial Machine Learning

February 13, 2020 • Blog Post

By Jonathan Spring

Machine Learning in Cybersecurity

December 2, 2019 • Blog Post

By Jonathan Spring

More from Jonathan Spring

Undiscovered Vulnerabilities: Not Just for Critical Software

June 2, 2022 • Podcast

By Jonathan Spring

Bias in AI: Impact, Challenges, and Opportunities

September 30, 2021 • Podcast

By Carol J. Smith, Jonathan Spring

Applying Scientific Methods in Cybersecurity

August 26, 2021 • Podcast

By Leigh B. Metcalf, Jonathan Spring

Managing Vulnerabilities in Machine Learning and Artificial Intelligence Systems

June 10, 2021 • Podcast

By Nathan M. VanHoudnos, Jonathan Spring, Allen D. Householder

A Stakeholder-Specific Vulnerability Categorization

October 29, 2020 • Podcast

By Allen D. Householder, Eric Hatleback, Jonathan Spring

More from Jonathan Spring

Flocon 2015 Welcome Talk

January 12, 2015 • Video

By Jonathan Spring

More from Jonathan Spring