Archive: 2017

The CERT Guide to Coordinated Vulnerability Disclosure

• CERT/CC Blog
Allen Householder

We are happy to announce the release of the CERT® Guide to Coordinated Vulnerability Disclosure (CVD). The guide provides an introduction to the key concepts, principles, and roles necessary to establish a successful CVD process. It also provides insights into how CVD can go awry and how to respond when it does so....

The Consequences of Insecure Software Updates

• CERT/CC Blog
Will Dormann

In this blog post, I discuss the impact of insecure software updates as well as several related topics, including mistakes made by software vendors in their update mechanisms, how to verify the security of a software update, and how vendors can implement secure software updating mechanisms....

The Twisty Maze of Getting Microsoft Office Updates

• CERT/CC Blog
Will Dormann

While investigating the fixes for the recent Microsoft Office OLE vulnerability, I encountered a situation that led me to believe that Office 2016 was not properly patched. However, after further investigation, I realized that the update process of Microsoft Update has changed. If you are not aware of these changes, you may end up with a Microsoft Office installation that is missing security updates. With the goal of preventing others from making similar mistakes as...
