Trey Herr

Trey Herr is the director of the Cyber Statecraft Initiative under the Scowcroft Center for Strategy and Security at the Atlantic Council. His team works on the role of the technology industry in geopolitics, cyber conflict, the security of the internet, cyber safety and growing a more capable cybersecurity policy workforce.

Cybersecurity

What You See Is What You Get: Revisions to Our Paper on Estimating Vulnerability Rediscovery

We recently published a paper on the rediscovery of software vulnerabilities. This was the final version of a paper that had been in the works since September, peer-reviewed by the WEIS community during the winter, and then circulated for additional revision in early March. Since publication, two mistakes have come to light.

Cybersecurity

Rediscovering Vulnerabilities

Software and computer systems are a standard target of intelligence collection in an age where everything from your phone to your sneakers has been turned into a connected computing device. A modern government intelligence organization must maintain access to some software vulnerabilities in order to target these devices. However, the WannaCry ransomware and NotPetya attacks have called attention to the perennial flipside of this issue—the same vulnerabilities that the U.S. government uses to conduct this targeting can also be exploited by malicious actors if they go unpatched.

Cyber & Technology

Ransomware Remixed: The Song Remains the Same

Another month, another ransomware epidemic. Broadsheets are screaming panic while companies yell back that All Is Well and Ukraine shows the world what gifs can do for incident response. Twitter is abuzz with the rapid, globalized forensics effort of a legion of amateurs and professionals (though nothing yet from the White House).

Cybersecurity: Legislation

PATCH: Debating Codification of the VEP

Today a bipartisan group of lawmakers introduced in both the House and Senate a bill that would formalize the Vulnerability Equities Process (VEP) into law. The proposed legislation, the Protecting our Ability To Counter Hacking (PATCH) Act, is sponsored by Senators Brian Schatz (D-Hawai‘i), Ron Johnson (R-Wis.), and Cory Gardner (R-Colo.) (all members of the Senate Committee on Commerce, Science, and Transportation) and Representatives Ted Lieu (D-Calif.) and Blake Farenthold (R-Texas).