Research
Blog Posts
Adversarial ML Threat Matrix: Adversarial Tactics, Techniques, and Common Knowledge of Machine Learning
This SEI Blog post introduces the Adversarial ML Threat Matrix, a list of tactics to exploit machine learning models, and guidance on defense against them.
• By Jonathan Spring
In CERT/CC Vulnerabilities
Bridging the Gap Between Research and Practice
A fundamental goal for a federally funded research and development center (FFRDC) is to bridge the gap between research and practice for government customers....
• By Leigh B. Metcalf
In CERT/CC Vulnerabilities
Comments on NIST IR 8269: A Taxonomy and Terminology of Adversarial Machine Learning
The U.S. National Institute of Standards and Technology (NIST) recently held a public comment period on their draft report on proposed taxonomy and terminology of Adversarial Machine Learning (AML)....
• By Jonathan Spring
In CERT/CC Vulnerabilities
Prioritizing Vulnerability Response with a Stakeholder-Specific Vulnerability Categorization
We've just released a follow-up paper in our research agenda about prioritizing actions during vulnerability management, Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization....
• By Allen D. Householder
In CERT/CC Vulnerabilities

ACM Digital Threats: Research and Practice
CERT/CC is very excited to announce a new journal in collaboration with ACM called ACM Digital Threats, Research and Practice. The journal (DTRAP) is a peer-reviewed journal....
• By Leigh B. Metcalf
In CERT/CC Vulnerabilities
Moving Beyond Resilience to Prosilience
Learn about the prosilience concept for preparing and responding to cyber incidents, in addition to its benefits in improving risk management in this SEI Blog post.
• By Summer C. Fowler
In Insider Threat

Vulnerability IDs, Fast and Slow
The CERT/CC Vulnerability Analysis team has been engaged in a number of community-based efforts surrounding Coordinated Vulnerability Disclosure lately....
• By Allen D. Householder
In CERT/CC Vulnerabilities

Domain Blacklist Ecosystem - A Case Study
Hi all, this is Jonathan Spring with my colleagues Leigh Metcalf and Rhiannon Weaver. We've been studying the dynamics of the Internet blacklist ecosystem....
• By Jonathan Spring, Leigh B. Metcalf
In CERT/CC Vulnerabilities
Blacklist Ecosystem Analysis
Hi all. Leigh Metcalf and I have been continuing our study of the cybersecurity ecosystem. Last year we published a long white paper....
• By Jonathan Spring, Leigh B. Metcalf
In CERT/CC Vulnerabilities
What's Different About Vulnerability Analysis and Discovery in Emerging Networked Systems?
Hi folks, Allen Householder here. In my previous post, I introduced our recent work in surveying vulnerability discovery for emerging networked systems (ENS)....
• By Allen D. Householder
In CERT/CC Vulnerabilities
