CERT/CC Blog

Vulnerability Insights

Latest Posts

Choosing the History for a Profile in Simple Network Flow Anomaly Detection

• CERT/CC Blog
Angela Horneman

One of my responsibilities on the Situational Awareness Analysis team is to create analytics for various purposes. For the past few weeks, I've been working on some anomaly detection analytics for hunting in the network flow traffic of common network services. I decided to start with a very simple approach using mean and standard deviation for a historical period to create a profile that I could compare against current volumes. To do this, I planned...

Vulnerability IDs, Fast and Slow

• CERT/CC Blog
Allen Householder

The CERT/CC Vulnerability Analysis team has been engaged in a number of community-based efforts surrounding Coordinated Vulnerability Disclosure lately. I've written previously about our involvement in the NTIA Multistakeholder Process for Cybersecurity Vulnerabilities. Today I'll highlight our ongoing work in the Forum for Incident Response and Security Teams (FIRST). We are currently active in two vulnerability-related working groups within the FIRST organization: the Vulnerability Coordination SIG (recently merged with the NTIA Multiparty Disclosure working group),...

How to Win Friends and Coordinate a Vulnerability

• CERT/CC Blog
Garret Wassermann

The CERT/CC Vulnerability Analysis team for nearly 30 years now has provided assistance for coordinated vulnerability disclosure (CVD). In a nutshell, we help security researchers communicate with software vendors to resolve security issues, and we get that information in the hands of anyone affected by the vulnerability. The CVD process can be confusing. To help researchers and vendors who are new to CVD, we're announcing a couple of simple but important additions to our CVD...

Coordinating Vulnerabilities in IoT Devices

• CERT/CC Blog
Dan J. Klinedinst

The CERT Coordination Center (CERT/CC) has been receiving an increasing number of vulnerability reports regarding Internet of Things devices and other embedded systems. We've also been focusing more of our own vulnerability discovery work in that space. We've discovered that while many of the vulnerabilities are technically the same as in traditional IT software, the coordination process has some substantial differences that will need to be addressed as the Internet of Things grows....

Border Gateway Protocol Update Metric Analysis

• CERT/CC Blog
Leigh Metcalf

MRT is a file format used in BGP; in particular, it is used when the router writes updates into a log file. There are many programs out there for parsing these files, but I'm going to talk about a new program created at the CERT Division for searching the files. The program is designed to find routes that affect a given set of CIDR blocks, and to do it quickly....

E Pluribus, Que? Identifying Vulnerability Disclosure Stakeholders

• CERT/CC Blog
Allen Householder

On September 29, Art Manion and I attended the first meeting of the Multistakeholder Process for Cybersecurity Vulnerabilities initiated by the National Telecommunications and Information Administration (NTIA), part of the United States Department of Commerce. There has been ample coverage of the meeting in blogs (e.g., by Dr. Neal Krawetz and by Cris Thomas), mailing lists, and media reports, so I won't attempt to duplicate that information. During the course of the meeting, I became...

Supporting the Android Ecosystem

• CERT/CC Blog
Will Dormann

A few months ago, a widely-publicized set of vulnerabilities called StageFright hit the Android ecosystem. While Google fixed the vulnerabilities in what appears to be a reasonable amount of time, the deployment of those fixes to end-user devices is another story. Many Android devices have a lengthy supply chain, which can make the process of deploying OS updates a slow and uncertain process. In this blog post, I investigate the supply chain of the Android...
