Blog Posts
Comments on Voluntary Voting System Guidelines 2.0 Principles and Guidelines
The U.S. Election Assistance Commission recently held a public comment period on their Voluntary Voting System Guidelines 2.0 Principles and Guidelines....
• By Allen Householder, Deana Shick, Jonathan Spring, Art Manion
In CERT/CC Vulnerabilities
Coordinated Vulnerability Disclosure for DoD Websites
Almost 30 years ago, the SEI's CERT Coordination Center established a program that enabled security researchers in the field to report vulnerabilities they found in an organization's software or systems....
• By Art Manion, CERT Insider Threat Center
Vulnerability Equities
VEP publication is good. Some good things, some questions.VEP publication is good.volume/rate, ERB meetings, in person, virtualhold or keepif hold, who uses?
• By Art Manion
In CERT/CC Vulnerabilities
Comments on BIS Wassenaar Proposed Rule
Art Manion and I recently submitted comments to the Department of Commerce Bureau of Industry and Security on their proposed rule....
• By Allen Householder, Art Manion
In CERT/CC Vulnerabilities
Anatomy of Java Exploits
On behalf of the real author, my colleague David Svoboda (and a couple others who work on the CERT Secure Coding Initiative), here's a post analyzing recent Java exploits....
• By Art Manion, David Svoboda
In CERT/CC Vulnerabilities
Java in Web Browser: Disable Now!
Hi, it's Will and Art here. We've been telling people to disable Java for years. In fact, the first version of the Securing Your Web Browser document from 2006 provided …
• By Art Manion
In CERT/CC Vulnerabilities
Java 7 Attack Vectors, Oh My!
While researching how to successfully mitigate the recent Java 7 vulnerability (VU#636312, CVE-2012-4681), we (and by "we" I mean "Will Dormann") found quite a mess....
• By Art Manion, Will Dormann
In CERT/CC Vulnerabilities
Java Security Manager Bypass Vulnerability
Last Sunday, another major Java vulnerability (VU#636312) was reported. Until an official update is available, we strongly recommend disabling the Java 7 plug-in for web browsers....
• By Art Manion
In CERT/CC Vulnerabilities
Vulnerability Data Archive
With the hope that someone finds the data useful, we're publishing an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database....
• By Art Manion
In CERT/CC Vulnerabilities
Vulnerability Severity Using CVSS
If you analyze, manage, publish, or otherwise work with software vulnerabilities, hopefully you've come across the Common Vulnerability Scoring System (CVSS)....