FloCon 2019: Arbitrary Albatross: Neutral Naming of V...

Arbitrary Albatross: Neutral Naming of Vulnerabilities at Scale

Feedback form is now closed.

Vulnerability identification is critical defensive security infrastructure. We have CVE, which is improving scope and coverage, But CVE assigns numbers and people like words. Phrases. Names. From Heartbleed to Efail, there’s a trend in security research to market disclosure events with catchy brand names. Some are annoyed by this trend. Is annoyance justified? Names imply importance. Is the claimed importance justified? It may be that a more human-oriented handle is beneficial. We explore the issues around named vulnerabilities and present a system to generate names separate from implied importance.

Speakers

Leigh Metcalf (Software Engineering Institute)

Senior Network Security Research Analyst, CERT Division - Software Engineering Institute

Leigh Metcalf has a PhD from Auburn University in Mathematics. She has been at CERT for over 8 years as a Cybersecurity researcher and is the co-Editor-in-chief of ACM Digital Threats: Research and Practice. She is also the primary author of the book Cybersecurity and Applied Mathematics... Read More →

2. Arbitrary Albatross Neutral Naming of Vulnerabilities at Scale pptx

Wednesday January 9, 2019 9:00am - 9:30am
Grand Ballroom 300 Bourbon St, New Orleans, LA 70130

General Session, Domain Analysis

Survey https://sei.az1.qualtrics.com/jfe/form/SV_bpXnQIul8bws95b

FloCon 2019

Leigh Metcalf (Software Engineering Institute)

Attendees (21)

Recently Active Attendees

FloCon 2019

Sign up or log in to save this to your schedule and see who's attending!

Leigh Metcalf (Software Engineering Institute)

Attendees (21)

Recently Active Attendees