CertStream is a free service for getting information from the Certificate Transparency Log Network. I decided to investigate the presence of domains generated by Domain Generation Algorithms (DGA) in this stream, and I found some interesting phenomena.
If you are a software vendor, IT administrator, or CSIRT team, you are probably using the Common Vulnerability Scoring System (CVSS) in one way or another. The CERT/CC recently published a white paper entitled Towards Improving CVSS that outlines what we consider to be major challenges with the standard and discusses some ways forward. This post is a summary of that paper; if you are interested, please review the full paper for an elaboration of the concerns outlined below.