Blog Posts

Probably Don’t Rely on EPSS Yet

This post evaluates the pros and cons of the Exploit Prediction Scoring System (EPSS), a data-driven model designed to estimate the probability that software vulnerabilities will be exploited in practice.

Read More

June 6, 2022 • By Jonathan Spring

In CERT/CC Vulnerabilities

CERT/CC Comments on Standards and Guidelines to Enhance Software Supply Chain Security

This SEI Blog post shares insights from the CERT Coordination Center (CERT/CC) on proposed software supply chain security standards and guidelines.

Read More

June 1, 2021 • By Jonathan Spring

In CERT/CC Vulnerabilities

Adversarial ML Threat Matrix: Adversarial Tactics, Techniques, and Common Knowledge of Machine Learning

This SEI Blog post introduces the Adversarial ML Threat Matrix, a list of tactics to exploit machine learning models, and guidance on defense against them.

Read More

October 22, 2020 • By Jonathan Spring

In CERT/CC Vulnerabilities

Comments on NIST IR 8269: A Taxonomy and Terminology of Adversarial Machine Learning

The U.S. National Institute of Standards and Technology (NIST) recently held a public comment period on their draft report on proposed taxonomy and terminology of Adversarial Machine Learning (AML)....

Read More

February 13, 2020 • By Jonathan Spring

In CERT/CC Vulnerabilities

Machine Learning in Cybersecurity

Our technical report provides an overview of the relevant parts of an ML lifecycle--selecting the right problem, the right data, and the right math and summarizing the model output for …

Read More

December 1, 2019 • By Jonathan Spring

In CERT/CC Vulnerabilities