search menu icon-carat-right cmu-wordmark

Archive: October 2020

Vulnonym: Stop the Naming Madness!

Vulnonym: Stop the Naming Madness!

• CERT/CC Blog
Leigh Metcalf

Spectre. Meltdown. Dirty Cow. Heartbleed. All of these are vulnerabilities that were named by humans, sometimes for maximum impact factor or marketing. Consequently, not every named vulnerability is a severe vulnerability despite what some researchers want you to think. Sensational names are often the tool of the discoverers to create more visibility for their work. This is an area of concern for the CERT/CC as we attempt to reduce any fear, uncertainty, and doubt for...

Read More
Adversarial ML Threat Matrix: Adversarial Tactics, Techniques, and Common Knowledge of Machine Learning

Adversarial ML Threat Matrix: Adversarial Tactics, Techniques, and Common Knowledge of Machine Learning

• CERT/CC Blog
Jonathan Spring

My colleagues, Nathan VanHoudnos, April Galyardt, Allen Householder, and I would like you to know that today Microsoft and MITRE are releasing their Adversarial Machine Learning Threat Matrix. This is a collaborative effort to bring MITRE's ATT&CK framework into securing production machine learning systems. You can read more at Microsoft's blog and MITRE's blog, as well as find a complete copy of the matrix on GitHub. We hope that you will join us in providing...

Read More