vulnerability-research

20
Aug
[TRANSCRIPT] Threats that may have gone unnoticed by organizations during the pandemic

[TRANSCRIPT] Threats that may have gone unnoticed by organizations during the pandemic

Casey Ellis, the founder, chairman and CTO of Bugcrowd, told SC Media Senior Reporter Joe Uchill that companies should think about the various threat scenarios that emerged over the last year that they may have missed as employees return to the office environment.
2 min read
26
Jun
The Bar Fight Risk Taxonomy

The Bar Fight Risk Taxonomy

After hearing "vulnerability" and "threat" used interchangeably for a >9,000th time I decided to do something about it, and the Bar Fight Risk Taxonomy was born.
4 min read
16
May
The iOS FaceTime vulnerability: What it means and what you can do to protect yourself

The iOS FaceTime vulnerability: What it means and what you can do to protect yourself

Yesterday news broke that a bug in FaceTime that allows callers to listen to the audio of the person they
3 min read
16
May
On disclosure, confidentiality, and norms…

On disclosure, confidentiality, and norms…

A few weeks ago I was tagged by Art Manion of the CERT Coordination Center (CERT/CC) in a tweet
3 min read
16
May
Election Security 2020: Don’t Let Disinformation Undermine Your Right to Vote

Election Security 2020: Don’t Let Disinformation Undermine Your Right to Vote

A tweet of a voting machine that “looks like” it’s infected by ransomware could be as effective at deterring voter turnout and confidence as the real deal, which is a cost-effective and asymmetric means to manipulate election results.
2 min read
08
May
On Project Zero's 90+30 vulnerability disclosure policy changes

On Project Zero's 90+30 vulnerability disclosure policy changes

Google is acknowledging the increasing prevalence of n-day exploitation in the wild, particularly over the past 18 months (e.g. the CISA/NSA memo) have taken their next step in refining how they strike balance between these forces.
4 min read
16
Apr
Security Research and Disclosure: The Unauthorized Biography - Nullcon March 2021

Security Research and Disclosure: The Unauthorized Biography - Nullcon March 2021

Title: Security Research and Disclosure: The Unauthorized Biography | Casey John Ellis | Nullcon Conference March 2021
31 min read
08
Mar
NIST: Vulnerability Disclosure as a Requirement for Every Organization

NIST: Vulnerability Disclosure as a Requirement for Every Organization

What is the NIST Cybersecurity  Framework? The NIST Cybersecurity Framework is a set of policies meant to help the private
2 min read
26
Feb
Responsible Disclosure Programs with Katie Moussouris & Casey Ellis | 401 Access Denied Ep. 22

Responsible Disclosure Programs with Katie Moussouris & Casey Ellis | 401 Access Denied Ep. 22

Katie Moussouris, Founder & CEO of Luta Security and Casey Ellis, Founder & CTO of Bugcrowd join Joe and Mike to talk all things responsibility disclosure – the good, the bad, and the ugly.
59 min read
22
Feb
Establishing asset ownership in vulnerability reporting

Establishing asset ownership in vulnerability reporting

The thing I see people get wrong most frequently in vulnerability reporting is being able to answer the question of ownership and "where to report my findings." Here are some practical tips for establishing ownership and thereby identifying the appropriate coordinator to contact.
3 min read