Month: September 2024
-
Known Exploited Vulnerabilities (KEV) Thoughts – Part Two

This is part two of my thoughts on Known Exploited Vulnerabilities (KEV), and where it gets a lot more interesting! Please see the first blog before starting here.

Automation / Eagerness To Add

Reading vulnerability disclosures can be a grueling mission full of frustrations. Poorly written advisories, missing technical details, and errors make the life…
-
Known Exploited Vulnerabilities (KEV) Thoughts – Part One

This is the first of two blogs with my thoughts on Known Exploited Vulnerabilities (KEV) tracking and the challenges that come with tracking them.

Introduction

On November 03, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) announced a Binding Operational Directive (BOD) titled “BOD 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities”. This BOD established…
-
How to Steal an Election (Taylor’s Version)

Disclaimer: This blog is not about politics in the sense of party affiliations and I am not making a political statement. Further, I am not interested in hearing your views on one party or the other. Rather, this blog is just a thought experiment on manipulating an election. This general idea is not new by…
-
2024 NIST / ANALYGENCE FOIA Results

On June 5, 2024, I sent a FOIA request to National Institute of Standards and Technology requesting a copy of the contract between the National Vulnerability Database (NVD) and ANALYGENCE, a contractor that had been retained to help with the NVD backlog. This was one of two trying to determine how much the U.S. Government…
-
Vulnerability Forecasting Technical Colloquium – A Few Thoughts

[I wrote this on September 21st, but apparently forgot to ultimately move from GDoc to Blog. I suspect because it really needs to be cleaned up as it is my first draft. Rather than do that, since the event has passed, I will just backdate instead. This blog was actually published December 28, 2024.] Part…