Vulnerability Mitigation
Blog Posts
Adversarial ML Threat Matrix: Adversarial Tactics, Techniques, and Common Knowledge of Machine Learning
My colleagues, Nathan VanHoudnos, April Galyardt, Allen Householder, and I would like you to know that today Microsoft and MITRE are releasing their Adversarial Machine Learning Threat Matrix. This is …
• By Jonathan Spring
In CERT/CC Vulnerabilities
Security Automation Begins at the Source Code
Hi, this is Vijay Sarvepalli, Information Security Architect in the CERT Division. On what seemed like a normal day at our vulnerability coordination center, one of my colleagues asked me....
• By Vijay Sarvepalli
In CERT/CC Vulnerabilities
Prioritizing Vulnerability Response with a Stakeholder-Specific Vulnerability Categorization
We've just released a follow-up paper in our research agenda about prioritizing actions during vulnerability management, Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization....
• By Allen Householder
In CERT/CC Vulnerabilities
VPN - A Gateway for Vulnerabilities
Virtual Private Networks (VPNs) are the backbone of today's businesses providing a wide range of entities from remote employees to business partners and...
• By Vijay Sarvepalli
In CERT/CC Vulnerabilities
It's Time to Retire Your Unsupported Things
"If it ain't broke, don't fix it." Why mess with something that already works? This is fair advice with many things in life. But when it comes to software security, …
• By Will Dormann
In CERT/CC Vulnerabilities
Update on the CERT Guide to Coordinated Vulnerability Disclosure
It's been two years since we originally published the CERT Guide to Coordinated Vulnerability Disclosure. In that time, it's influenced both the US Congress and EU Parliament....
• By Allen Householder
In CERT/CC Vulnerabilities
The Dangers of VHD and VHDX Files
Recently, I gave a presentation at BSidesPGH 2019 called Death By Thumb Drive: File System Fuzzing with CERT BFF....
• By Will Dormann
In CERT/CC Vulnerabilities
Life Beyond Microsoft EMET
Approximately eight years ago (September 2010), Microsoft released EMET (Enhanced Mitigation Experience Toolkit) 2.0. In the world of software defenders, there was much rejoicing....
• By Will Dormann
In CERT/CC Vulnerabilities
When "ASLR" Is Not Really ASLR - The Case of Incorrect Assumptions and Bad Defaults
As a vulnerability analyst at the CERT Coordination Center, I am interested not only in software vulnerabilities themselves, but also exploits and exploit mitigations....
• By Will Dormann
In CERT/CC Vulnerabilities
The CERT Guide to Coordinated Vulnerability Disclosure
We are happy to announce the release of the CERT® Guide to Coordinated Vulnerability Disclosure (CVD). The guide provides an introduction to the key concepts, principles, and roles necessary to …
• By Allen Householder
In CERT/CC Vulnerabilities