Month: January 2026
-
The Database That Shouldn’t Have Been Continues To Fail The Community

[This article was originally published on Dark Reading, titled “Hand CVE Over to the Private Sector”. Note that it underwent editing by the staff there. Below is my original version and this copy is titled the way I had proposed.] Created in 1999, the Common Vulnerability Enumeration (CVE), now dubbed Common Vulnerabilities and Exposures, was…
-
Bob’s “CVE Quality-by-Design Manifesto” – The Hit and Misses

Almost every time Bob Lord blogs, I feel the need to write a rebuttal to what is arguably abject stupidity and shortsightedness. One he published a couple days ago, titled “CVE Quality-by-Design Manifesto”, is missing several core concepts in the realm of vulnerability intelligence. While his overall point is certainly valid, the order in which…
-
Shadow, Ghost, and Phantasmawhatever Vulnerabilities – The Reality

Back in September of 2024, I took some notes on a blog I wanted to write about “Shadow” vulnerabilities, based on a corporate blog with a poor concept and misunderstanding of CVE. The title was to be “Shadow Vulnerabilities – Rebuttal” and pretty straight-forward. Vulnerability life is crazy when you help manage a true vulnerability…
-
Random Movie/TV Thoughts and Reviews (January 2026)

Reviews: I finished Trigger (2025), a Korean cop/crime/action series that was pretty good. The most interesting aspect was the entire premise that is “what if guns flooded into South Korea?” So it basically becomes a gun epidemic that the police are fighting, which is obviously a stark contrast to the United States. It’s simple, yet…
-
Vulnerability Disclosure Forensics: /cgi-bin/upload.cgi

Yesterday, Chris Sullo of Nikto fame asked me a simple question; in so many words, what was the “first web vuln”. To be clear, he is asking about the first vulnerability in a web server / service / program. Seems relatively straight-forward, but I challenge anyone to answer it with their own data set, especially…