http://sei.cmu.edu/feeds/tag/Updates on changes and additions to the SEI Blog for posts matching Vulnerability Analysisen-usMon, 19 Sep 2022 00:00:00 -0400https://www.sei.cmu.edu/blog/using-alternate-data-streams-in-the-collection-and-exfiltration-of-data/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn this blog post, we describe how attackers obscure their activity via alternate data streams (ADSs) and how to defend against malware attacks that employ ADSs.Dustin Updyke, Molly JaconskiMon, 19 Sep 2022 00:00:00 -0400https://www.sei.cmu.edu/blog/using-alternate-data-streams-in-the-collection-and-exfiltration-of-data/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisVulnerability DiscoveryVulnerability MitigationMalware AnalysisMalwarehttps://www.sei.cmu.edu/blog/six-dimensions-of-trust-in-autonomous-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post chronicles the adoption and growth of autonomous systems and provides six considerations for establishing trust.Paul NielsenWed, 20 Apr 2022 00:00:00 -0400https://www.sei.cmu.edu/blog/six-dimensions-of-trust-in-autonomous-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSoftware AssuranceVulnerability DiscoveryDevopsArtificial Intelligence EngineeringMachine LearningCybersecurityAutonomy and Counter-AutonomySoftware and Information AssuranceHuman-Machine InteractionsArtificial IntelligenceDigital EngineeringCyber-Physical Systemshttps://www.sei.cmu.edu/blog/vulnerabilities-everybodys-got-one/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn this post, Leigh Metcalf describes how she pulled data from the malvuln project to explore recent vulnerabilities in both malware and non-malware to study the differences.Leigh MetcalfWed, 16 Jun 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/vulnerabilities-everybodys-got-one/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCERT/CC VulnerabilitiesVulnerability AnalysisMalware AnalysisMalwarehttps://www.sei.cmu.edu/blog/the-latest-work-from-the-sei-privacy-ransomware-digital-engineering-and-the-solar-winds-hack/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThese publications highlight the latest work of SEI technologists in software architecture, digital engineering, and ransomware.Douglas SchmidtMon, 05 Apr 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/the-latest-work-from-the-sei-privacy-ransomware-digital-engineering-and-the-solar-winds-hack/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSoftware ArchitectureVulnerability Analysishttps://www.sei.cmu.edu/blog/security-automation-begins-at-the-source-code/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesHi, this is Vijay Sarvepalli, Information Security Architect in the CERT Division. On what seemed like a normal day at our vulnerability coordination center, one of my colleagues asked me....Vijay SarvepalliWed, 11 Mar 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/security-automation-begins-at-the-source-code/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesVulnerability DiscoveryVulnerability MitigationCERT/CChttps://www.sei.cmu.edu/blog/prioritizing-vulnerability-response-with-a-stakeholder-specific-vulnerability-categorization/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesWe've just released a follow-up paper in our research agenda about prioritizing actions during vulnerability management, Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization....Allen HouseholderThu, 05 Dec 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/prioritizing-vulnerability-response-with-a-stakeholder-specific-vulnerability-categorization/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesVulnerability MitigationCERT/CCSoftware and Information Assurancehttps://www.sei.cmu.edu/blog/vpn-a-gateway-for-vulnerabilities/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVirtual Private Networks (VPNs) are the backbone of today's businesses providing a wide range of entities from remote employees to business partners and...Vijay SarvepalliWed, 13 Nov 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/vpn-a-gateway-for-vulnerabilities/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesVulnerability DiscoveryVulnerability MitigationCERT/CChttps://www.sei.cmu.edu/blog/update-on-the-cert-guide-to-coordinated-vulnerability-disclosure/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIt's been two years since we originally published the CERT Guide to Coordinated Vulnerability Disclosure. In that time, it's influenced both the US Congress and EU Parliament....Allen HouseholderMon, 16 Sep 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/update-on-the-cert-guide-to-coordinated-vulnerability-disclosure/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesVulnerability DiscoveryVulnerability MitigationCERT/CCBest Practiceshttps://www.sei.cmu.edu/blog/the-dangers-of-vhd-and-vhdx-files/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRecently, I gave a presentation at BSidesPGH 2019 called Death By Thumb Drive: File System Fuzzing with CERT BFF....William DormannWed, 04 Sep 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/the-dangers-of-vhd-and-vhdx-files/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesVulnerability DiscoveryVulnerability MitigationCERT/CChttps://www.sei.cmu.edu/blog/comments-on-voluntary-voting-system-guidelines-20-principles-and-guidelines/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe U.S. Election Assistance Commission recently held a public comment period on their Voluntary Voting System Guidelines 2.0 Principles and Guidelines....Allen Householder, Deana Shick, Jonathan Spring, Art ManionFri, 14 Jun 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/comments-on-voluntary-voting-system-guidelines-20-principles-and-guidelines/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesCERT/CCSoftware and Information AssuranceBest Practiceshttps://www.sei.cmu.edu/blog/evaluating-threat-modeling-methods-for-cyber-physical-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAddressing cybersecurity for a complex system, especially for a cyber-physical system of systems (CPSoS), requires a strategic approach during the entire lifecycle of the system....Nataliya ShevchenkoMon, 04 Feb 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/evaluating-threat-modeling-methods-for-cyber-physical-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity-Related RequirementsOCTAVECyber Risk and Resilience ManagementNetwork Situational AwarenessEnterprise Risk and Resilience ManagementCyber MissionsThreat Modeling Best Practices in Network SecurityRiskCyber-Physical SystemsCritical Infrastructure Protectionhttps://www.sei.cmu.edu/blog/threat-modeling-12-available-methods/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAlmost all software systems today face a variety of threats, and the number of threats grows as technology changes....Nataliya ShevchenkoMon, 03 Dec 2018 00:00:00 -0500https://www.sei.cmu.edu/blog/threat-modeling-12-available-methods/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity-Related RequirementsOCTAVECyber Risk and Resilience ManagementNetwork Situational AwarenessEnterprise Risk and Resilience ManagementCyber MissionsThreat Modeling Best Practices in Network SecurityRiskCyber-Physical SystemsCritical Infrastructure Protectionhttps://www.sei.cmu.edu/blog/decision-making-factors-for-selecting-application-security-testing-tools/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn the first post in this series, I presented 10 types of application security testing (AST) tools and discussed when and how to use them....Tom ScanlonMon, 20 Aug 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/decision-making-factors-for-selecting-application-security-testing-tools/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber MissionsCybersecuritySecure CodingSecurity-Related RequirementsSoftware and Information AssuranceTestingVulnerability AnalysisSecure Developmenthttps://www.sei.cmu.edu/blog/10-types-of-application-security-testing-tools-when-and-how-to-use-them/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post categorizes different types of application security testing tools and provides guidance on how and when to use each class of tool.Tom ScanlonMon, 09 Jul 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/10-types-of-application-security-testing-tools-when-and-how-to-use-them/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesTestingCybersecurityCERT/CCSoftware and Information AssuranceCyber Missionshttps://www.sei.cmu.edu/blog/8-at-risk-emerging-technologies/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIdentifying 8 emerging technologies at risk for security vulnerabilities, this SEI Blog post covers autonomous systems, AI, 5G networks and more.Dan KlinedinstMon, 23 Oct 2017 00:00:00 -0400https://www.sei.cmu.edu/blog/8-at-risk-emerging-technologies/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesCERT/CCAutonomy and Counter-AutonomyBlockchainhttps://www.sei.cmu.edu/blog/the-cert-guide-to-coordinated-vulnerability-disclosure/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesDiscover the recently released CERT Guide to Coordinated Vulnerability Disclosure in this SEI Blog post.Allen HouseholderTue, 15 Aug 2017 00:00:00 -0400https://www.sei.cmu.edu/blog/the-cert-guide-to-coordinated-vulnerability-disclosure/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesVulnerability DiscoveryVulnerability MitigationCERT/CCCyber MissionsBest Practiceshttps://www.sei.cmu.edu/blog/announcing-cert-basic-fuzzing-framework-version-28/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesToday we are announcing the release of the CERT Basic Fuzzing Framework Version 2.8 (BFF 2.8). It's been about three years since we released BFF 2.7....Allen HouseholderWed, 05 Oct 2016 00:00:00 -0400https://www.sei.cmu.edu/blog/announcing-cert-basic-fuzzing-framework-version-28/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesVulnerability DiscoveryCERT/CChttps://www.sei.cmu.edu/blog/cvd-series-principles-of-coordinated-vulnerability-disclosure-part-2-of-9/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog, the second in a nine-part series, explores Coordinated Vulnerability Disclosure (CVD) best practices for vulnerability disclosure.Garret WassermannTue, 04 Oct 2016 00:00:00 -0400https://www.sei.cmu.edu/blog/cvd-series-principles-of-coordinated-vulnerability-disclosure-part-2-of-9/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesCERT/CCBest Practiceshttps://www.sei.cmu.edu/blog/cvd-series-what-is-coordinated-vulnerability-disclosure-part-1-of-9/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis is the first post in a series about Coordinated Vulnerability Disclosure (CVD). In this series, we will discuss why CVD is an important part of the modern software development lifecycle, and how individuals and organizations can establish a CVD process.Garret WassermannTue, 27 Sep 2016 00:00:00 -0400https://www.sei.cmu.edu/blog/cvd-series-what-is-coordinated-vulnerability-disclosure-part-1-of-9/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCERT/CC VulnerabilitiesVulnerability AnalysisSecurity VulnerabilitiesBest Practiceshttps://www.sei.cmu.edu/blog/the-risks-of-google-sign-in-on-ios-devices/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe Google Identity Platform is a system that allows you to sign in to applications and other services by using your Google account....William DormannTue, 02 Aug 2016 00:00:00 -0400https://www.sei.cmu.edu/blog/the-risks-of-google-sign-in-on-ios-devices/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesVulnerability MitigationCERT/CCBest Practices