CERT

Vulnerability Analysis

To reduce the security risks posed by software vulnerabilities, we strive to address both the number of vulnerabilities in software that is being developed and the number of vulnerabilities in software that is already deployed. Our vulnerability analysis work is divided into two areas. Identifying and reducing the number of new vulnerabilities before the software is deployed is the focus of our vulnerability discovery effort, while our vulnerability remediation work deals with existing vulnerabilities in deployed software. We regularly comment on issues of importance to the vulnerability analysis and security community through the CERT/CC Blog.

Vulnerability discovery

With vulnerability discovery, we strive to help engineers understand how vulnerabilities are created and found. Our goal is that, with this education, engineers will learn how to detect and eliminate—and eventually avoid—vulnerabilities in software products before the products are shipped.

In 2010, the CERT/CC held a workshop with vulnerability researchers and software vendors to discuss ideas, tools, and techniques used to find vulnerabilities. We have made available the slides and papers from the formal talks.

Vulnerability remediation

The unfortunate reality is that many software products are being shipped with vulnerabilities that attackers may be able to exploit. Our vulnerability remediation process involves four basic steps, but we also promote a comprehensive approach to protecting systems.

 



Last updated August 17, 2012