Blog Posts
Rust Vulnerability Analysis and Maturity Challenges
This post explores tools for understanding vulnerabilities in the Rust programming language as well as the maturity of the Rust software ecosystem as a whole and how that might impact …
• By Garret Wassermann, David Svoboda
In Secure Development
Introducing CERT Kaiju: Malware Analysis Tools for Ghidra
Ghidra provides a compelling environment for reverse engineering tools that are relatively easy to use during malware analysis. Our latest blog post highlights a new suite of tools, known as …
• By Garret Wassermann, Jeffrey Gennari
In Reverse Engineering for Malware Analysis
CVD Series: Principles of Coordinated Vulnerability Disclosure (Part 2 of 9)
This is the second post in a series about Coordinated Vulnerability Disclosure (CVD).The material in this series represents a collective effort within the CERT/CC Vulnerability Analysis team. As such, it's …
• By Garret Wassermann
In CERT/CC Vulnerabilities
CVD Series: What is Coordinated Vulnerability Disclosure? (Part 1 of 9)
This is the first post in a series about Coordinated Vulnerability Disclosure (CVD). In this series, we will discuss why CVD is an important part of the modern software development …
• By Garret Wassermann
In CERT/CC Vulnerabilities
How to Win Friends and Coordinate a Vulnerability
The CERT/CC Vulnerability Analysis team for nearly 30 years now has provided assistance for coordinated vulnerability disclosure (CVD). In a nutshell, we help security researchers communicate with software vendors to …
• By Garret Wassermann
In CERT/CC Vulnerabilities
Reach Out and Mail Someone
Every day, we receive reports from various security professionals, researchers, hobbyists, and even software vendors regarding interesting vulnerabilities that they discovered in software. Vulnerability coordination--where we serve as intermediary between …