Sasha Romanosky

Sasha Romanosky, PhD, is a policy researcher at the RAND Corporation where he researches topics on the economics of security and privacy, national security, applied microeconomics, and law & economics. He is a former Cyber Policy Advisor at the Department of Defense, and co-author of the Common Vulnerability Scoring System, an international standard for scoring computer vulnerabilities.

Subscribe to this Lawfare contributor via RSS.

Cybersecurity

Developing an Objective, Repeatable Scoring System for a Vulnerability Equities Process

Sasha Romanosky Mon, Feb 4, 2019, 2:17 PM

The public release of the Vulnerability Equities Process (VEP) charter by the White House in late 2017 went a long way toward satisfying the public’s curiosity about the secretive, high-profile and contentious process by which the U.S. government decides whether to temporarily withhold or publicly disclose zero-day software vulnerabilities—that is, vulnerabilities for which no patches exist. Just recently, the U.K.

Read more about Developing an Objective, Repeatable Scoring System for a Vulnerability Equities Process

Cyber & Technology

Private-Sector Attribution of Cyber Attacks: A Growing Concern for the U.S. Government?

Sasha Romanosky Thu, Dec 21, 2017, 11:20 AM

Attribution of cyber incidents is a reoccurring concern. Russian involvement in the 2016 U.S. presidential election remains a contentious issue, and on Tuesday, the White House publicly linked North Korea to the WannaCry ransomware attacks from earlier this year. This kind of public attribution by the U.S.

Read more about Private-Sector Attribution of Cyber Attacks: A Growing Concern for the U.S. Government?

Cybersecurity and Deterrence

It’s Time for the International Community to Get Serious about Vulnerability Equities

Kate Charlet, Sasha Romanosky, Bert Thompson Wed, Nov 15, 2017, 1:00 PM

The U.S.

Read more about It’s Time for the International Community to Get Serious about Vulnerability Equities

Cyber & Technology

What Is Cyber Collateral Damage? And Why Does It Matter?

Sasha Romanosky, Zachary K. Goldman Tue, Nov 15, 2016, 1:30 PM

In the world of kinetic military operations, collateral damage is typically straightforward to assess because of well-established definitions, well-understood weapon characteristics, and reasonably well-defined legal and policy frameworks. In traditional warfare, collateral damage occurs when a hostile action causes unintended physical damage to civilian persons or objects.

Read more about What Is Cyber Collateral Damage? And Why Does It Matter?