CERT
 
 

Vulnerability Analysis

To reduce the security risks posed by software vulnerabilities, we strive to address both the number of vulnerabilities in software that is being developed and the number of vulnerabilities in software that is already deployed. Our vulnerability analysis work is divided into two areas. Identifying and reducing the number of new vulnerabilities before the software is deployed is the focus of our vulnerability discovery effort, while our vulnerability remediation work deals with existing vulnerabilities in deployed software. We regularly comment on issues of importance to the vulnerability analysis and security community through our blog.

Vulnerability discovery

With vulnerability discovery, we strive to help engineers understand how vulnerabilities are created and discovered. Our goal is that with this education, engineers will learn how to detect and eliminate—and eventually avoid—vulnerabilities in software products before the products are shipped.

Vulnerability remediation

The unfortunate reality is that many software products are being shipped with vulnerabilities that attackers may be able to exploit. Our vulnerability remediation process involves four basic steps, but we also promote a comprehensive approach to protecting systems.

Report Vulnerabilities


Last updated April 10, 2009