Vulnerability Analysis
Blog Posts
Using Alternate Data Streams in the Collection and Exfiltration of Data
In this blog post, we describe how attackers obscure their activity via alternate data streams (ADSs) and how to defend against malware attacks that employ ADSs.
• By Dustin Updyke, Molly Jaconski
In Cybersecurity Engineering


Six Dimensions of Trust in Autonomous Systems
This post chronicles the adoption and growth of autonomous systems and provides six considerations for establishing trust.
• By Paul D. Nielsen
In Software Engineering Research and Development

Vulnerabilities: Everybody’s Got One!
In this post, Leigh Metcalf describes how she pulled data from the malvuln project to explore recent vulnerabilities in both malware and non-malware to study the differences.
• By Leigh Metcalf
In CERT/CC Vulnerabilities

The Latest Work from the SEI: Privacy, Ransomware, Digital Engineering, and the Solar Winds Hack
These publications highlight the latest work of SEI technologists in software architecture, digital engineering, and ransomware.
• By Douglas C. Schmidt
In Software Engineering Research and Development

Security Automation Begins at the Source Code
Hi, this is Vijay Sarvepalli, Information Security Architect in the CERT Division. On what seemed like a normal day at our vulnerability coordination center, one of my colleagues asked me....
• By Vijay Sarvepalli
In CERT/CC Vulnerabilities

Prioritizing Vulnerability Response with a Stakeholder-Specific Vulnerability Categorization
We've just released a follow-up paper in our research agenda about prioritizing actions during vulnerability management, Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization....
• By Allen Householder
In CERT/CC Vulnerabilities

VPN - A Gateway for Vulnerabilities
Virtual Private Networks (VPNs) are the backbone of today's businesses providing a wide range of entities from remote employees to business partners and...
• By Vijay Sarvepalli
In CERT/CC Vulnerabilities

Update on the CERT Guide to Coordinated Vulnerability Disclosure
It's been two years since we originally published the CERT Guide to Coordinated Vulnerability Disclosure. In that time, it's influenced both the US Congress and EU Parliament....
• By Allen Householder
In CERT/CC Vulnerabilities

The Dangers of VHD and VHDX Files
Recently, I gave a presentation at BSidesPGH 2019 called Death By Thumb Drive: File System Fuzzing with CERT BFF....
• By Will Dormann
In CERT/CC Vulnerabilities

Comments on Voluntary Voting System Guidelines 2.0 Principles and Guidelines
The U.S. Election Assistance Commission recently held a public comment period on their Voluntary Voting System Guidelines 2.0 Principles and Guidelines....