Sasha Romanosky

Sasha Romanosky, PhD, is a policy researcher at the RAND Corporation where he researches topics on the economics of security and privacy, national security, applied microeconomics, and law & economics. He is a former Cyber Policy Advisor at the Department of Defense, and co-author of the Common Vulnerability Scoring System, an international standard for scoring computer vulnerabilities.


Developing an Objective, Repeatable Scoring System for a Vulnerability Equities Process

The public release of the Vulnerability Equities Process (VEP) charter by the White House in late 2017 went a long way toward satisfying the public’s curiosity about the secretive, high-profile and contentious process by which the U.S. government decides whether to temporarily withhold or publicly disclose zero-day software vulnerabilities—that is, vulnerabilities for which no patches exist. Just recently, the U.K.

Cyber & Technology

Private-Sector Attribution of Cyber Attacks: A Growing Concern for the U.S. Government?

Attribution of cyber incidents is a reoccurring concern. Russian involvement in the 2016 U.S. presidential election remains a contentious issue, and on Tuesday, the White House publicly linked North Korea to the WannaCry ransomware attacks from earlier this year. This kind of public attribution by the U.S.

Cyber & Technology

What Is Cyber Collateral Damage? And Why Does It Matter?

In the world of kinetic military operations, collateral damage is typically straightforward to assess because of well-established definitions, well-understood weapon characteristics, and reasonably well-defined legal and policy frameworks. In traditional warfare, collateral damage occurs when a hostile action causes unintended physical damage to civilian persons or objects.