rediscovery

What You See Is What You Get: Revisions to Our Paper on Estimating Vulnerability Rediscovery

Trey Herr, Bruce Schneier Thu, Jul 27, 2017, 3:18 PM

We recently published a paper on the rediscovery of software vulnerabilities. This was the final version of a paper that had been in the works since September, peer-reviewed by the WEIS community during the winter, and then circulated for additional revision in early March. Since publication, two mistakes have come to light.

Cybersecurity

Rediscovering Vulnerabilities

Trey Herr, Bruce Schneier Fri, Jul 21, 2017, 11:30 AM

Software and computer systems are a standard target of intelligence collection in an age where everything from your phone to your sneakers has been turned into a connected computing device. A modern government intelligence organization must maintain access to some software vulnerabilities into order to target these devices. However, the WannaCry ransomware and NotPetya attacks have called attention to the perennial flipside of this issue—the same vulnerabilities that the U.S. government uses to conduct this targeting can also be exploited by malicious actors if they go unpatched.

Read more about Rediscovering Vulnerabilities

rediscovery

Cybersecurity

What You See Is What You Get: Revisions to Our Paper on Estimating Vulnerability Rediscovery

Cybersecurity

Rediscovering Vulnerabilities

Subscribe to Lawfare

Support Lawfare

Explore