Tag: Curtis Kang

  • Let’s Talk About 0-days

    Let’s Talk About 0-days

    [This was a first draft of an article to be published on the Flashpoint Threat Intel blog. Ultimately, parts of it were adopted for a different blog but the original remains considerably different. Curtis Kang contributed significantly to the finished blog below.] Zero-days (0-days and other variations) are exploitable vulnerabilities that the general public is…

  • CISA’s BOD 22-01: How to Prioritize 100 Vulnerabilities in Two Weeks

    CISA’s BOD 22-01: How to Prioritize 100 Vulnerabilities in Two Weeks

    [This was originally published on riskbasedsecurity.com, and had considerable edits/enhancements done by Curtis Kang.] CISA BOD 22-01 introduces the directive for government vendors to mitigate 292 CVE IDs, or 301 vulnerabilities, 100 of them within a short timeframe. It is well-meaning and brings potentially valuable focus, but it will put pressure on teams working with…

  • Assessing the ‘War on Tech’: Huawei vs. U.S.

    Assessing the ‘War on Tech’: Huawei vs. U.S.

    [I wrote this with Curtis Kang who did a lot of work researching various aspects of this article and provided invaluable help. His research and written contributions made this article possible. It was originally intended to be published on RiskBasedSecurity.com in early 2020 but was passed over so I am publishing it here.] In 2019,…

  • Why EVM Security Hasn’t Changed For More Than 15 Years

    Why EVM Security Hasn’t Changed For More Than 15 Years

    [This was originally published on RiskBasedSecurity.com in the 2020 Q3 Vulnerability Quickview Report. It was authored with Curtis Kang.] In our 2019 Year End Vulnerability QuickView Report, we presented a detailed history of public Electronic Voting Machine (EVM) vulnerabilities. We’ve seen little change to the overall EVM security picture since then. With the Presidential elections…