Vulnerability Analysis Research
Our work focuses on two primary areas of analysis: discovery and coordination.
In the discovery phase of our work, we strive to help software vendors understand how vulnerabilities are created and found. Our goal is to provide education that helps vendors learn how to detect and eliminate—and eventually avoid—vulnerabilities in software products before the products are released.
Patching or updating software is usually an effective way to remove vulnerabilities, but there are often other ways to reduce risk. In the coordination phase of our work, we promote a four-step comprehensive approach that includes following best practices, making configuration or architecture changes, and applying workarounds. In some cases, these strategies provide better long-term vulnerability reduction than simply patching or updating.