Blog Posts
Vultron: A Protocol for Coordinated Vulnerability Disclosure
This post introduces Vultron, a protocol for multi-party coordinated vulnerability disclosure (MPCVD).
• By Allen Householder
In CERT/CC Vulnerabilities
Prioritizing Vulnerability Response with a Stakeholder-Specific Vulnerability Categorization
We've just released a follow-up paper in our research agenda about prioritizing actions during vulnerability management, Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization....
• By Allen Householder
In CERT/CC Vulnerabilities
Update on the CERT Guide to Coordinated Vulnerability Disclosure
It's been two years since we originally published the CERT Guide to Coordinated Vulnerability Disclosure. In that time, it's influenced both the US Congress and EU Parliament....
• By Allen Householder
In CERT/CC Vulnerabilities
Comments on Voluntary Voting System Guidelines 2.0 Principles and Guidelines
The U.S. Election Assistance Commission recently held a public comment period on their Voluntary Voting System Guidelines 2.0 Principles and Guidelines....
• By Allen Householder, Deana Shick, Jonathan Spring, Art Manion
In CERT/CC Vulnerabilities
The CERT Guide to Coordinated Vulnerability Disclosure
We are happy to announce the release of the CERT® Guide to Coordinated Vulnerability Disclosure (CVD). The guide provides an introduction to the key concepts, principles, and roles necessary to …
• By Allen Householder
In CERT/CC Vulnerabilities
Announcing CERT Basic Fuzzing Framework Version 2.8
Today we are announcing the release of the CERT Basic Fuzzing Framework Version 2.8 (BFF 2.8). It's been about three years since we released BFF 2.7....
• By Allen Householder
In CERT/CC Vulnerabilities
Vulnerability IDs, Fast and Slow
The CERT/CC Vulnerability Analysis team has been engaged in a number of community-based efforts surrounding Coordinated Vulnerability Disclosure lately....
• By Allen Householder
In CERT/CC Vulnerabilities
E Pluribus, Que? Identifying Vulnerability Disclosure Stakeholders
On September 29, Art Manion and I attended the first meeting of the Multistakeholder Process for Cybersecurity Vulnerabilities....
• By Allen Householder
In CERT/CC Vulnerabilities
Recent Conference Presentations by the Vulnerability Analysis Team
A number of us on the Vulnerability Analysis team have been out and about giving talks at various conferences recently....
• By Allen Householder
In CERT/CC Vulnerabilities
Comments on BIS Wassenaar Proposed Rule
Art Manion and I recently submitted comments to the Department of Commerce Bureau of Industry and Security on their proposed rule....