CERT/CC Vulnerabilities
Blog Posts
The Essential Role of AISIRT in Flaw and Vulnerability Management
The SEI established the first Artificial Intelligence Security Incident Response Team (AISIRT) in 2023. This post discusses AISIRT's role in the coordination of flaws and vulnerabilities in AI systems.
By Lauren McIlvenny, Vijay S. Sarvepalli
In Artificial Intelligence Engineering


Protecting AI from the Outside In: The Case for Coordinated Vulnerability Disclosure
This post highlights lessons learned from applying the coordinated vulnerability disclosure (CVD) process to reported vulnerabilities in AI and ML systems.
By Allen D. Householder, Vijay S. Sarvepalli, Jeff Havrilla, Matt Churilla, Lena Pons, Shing-hon Lau, Nathan M. VanHoudnos, Andrew Kompanek, Lauren McIlvenny
In Artificial Intelligence Engineering


The Threat of Deprecated BGP Attributes
This post examines how a small issue with Border Gateway Protocol routing, a deprecated path attribute, can cause a major interruption to Internet traffic.
By Leigh B. Metcalf, Timur D. Snoke
In CERT/CC Vulnerabilities


UEFI: 5 Recommendations for Securing and Restoring Trust
This blog post expands on concerns brought to light from recent UEFI attacks, such as BlackLotus, and highlights 5 recommendations to secure and restore trust in the UEFI ecosystem.
By Vijay S. Sarvepalli
In CERT/CC Vulnerabilities

Vultron: A Protocol for Coordinated Vulnerability Disclosure
This post introduces Vultron, a protocol for multi-party coordinated vulnerability disclosure (MPCVD).
By Allen D. Householder
In CERT/CC Vulnerabilities

UEFI – Terra Firma for Attackers
This blog post focuses on how the vulnerabilities in firmware popularized by the Uniform Extensible Firmware Interface create a lucrative target for high-profile attackers.
By Vijay S. Sarvepalli
In CERT/CC Vulnerabilities

Probably Don’t Rely on EPSS Yet
This post evaluates the pros and cons of the Exploit Prediction Scoring System (EPSS), a data-driven model designed to estimate the probability that software vulnerabilities will be exploited in practice.
By Jonathan Spring
In CERT/CC Vulnerabilities

The Latest Work from the SEI: Coordinated Vulnerability Disclosure, Cybersecurity Research, Cyber Risk and Resilience, and the Importance of Fostering Diversity in Software Engineering
This post highlights the latest work from the SEI in coordinated vulnerability disclosure, cyber risk and resilience management, automation, and the science of cybersecurity.
By Douglas Schmidt (William & Mary)
In CERT/CC Vulnerabilities

Vulnerabilities: Everybody’s Got One!
In this post, Leigh Metcalf describes how she pulled data from the malvuln project to explore recent vulnerabilities in both malware and non-malware to study the differences.
By Leigh B. Metcalf
In CERT/CC Vulnerabilities

CERT/CC Comments on Standards and Guidelines to Enhance Software Supply Chain Security
This SEI Blog post shares insights from the CERT Coordination Center (CERT/CC) on proposed software supply chain security standards and guidelines.