Name: Arbitrary Albatross: Neutral Naming of Vulnerabilities at Scale
Start: 2019-01-09T09:00:00-0500
End: 2019-01-09T09:30:00-0500

Back To Schedule

Arbitrary Albatross: Neutral Naming of Vulnerabilities at Scale

Feedback form is now closed.

Vulnerability identification is critical defensive security infrastructure. We have CVE, which is improving scope and coverage, But CVE assigns numbers and people like words. Phrases. Names. From Heartbleed to Efail, there’s a trend in security research to market disclosure events with catchy brand names. Some are annoyed by this trend. Is annoyance justified? Names imply importance. Is the claimed importance justified? It may be that a more human-oriented handle is beneficial. We explore the issues around named vulnerabilities and present a system to generate names separate from implied importance.

Speakers

Leigh Metcalf (Software Engineering Institute)

Senior Network Security Research Analyst, CERT Division - Software Engineering Institute

Leigh Metcalf has a PhD from Auburn University in Mathematics. She has been at CERT for over 8 years as a Cybersecurity researcher and is the co-Editor-in-chief of ACM Digital Threats: Research and Practice. She is also the primary author of the book Cybersecurity and Applied Mathematics... Read More →

2. Arbitrary Albatross Neutral Naming of Vulnerabilities at Scale pptx

Wednesday January 9, 2019 9:00am - 9:30am EST
Grand Ballroom 300 Bourbon St, New Orleans, LA 70130

General Session, Domain Analysis

Survey https://sei.az1.qualtrics.com/jfe/form/SV_bpXnQIul8bws95b

FloCon 2019

Leigh Metcalf (Software Engineering Institute)

Attendees (21)

FloCon 2019

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Leigh Metcalf (Software Engineering Institute)

Attendees (21)