This one matters, too: Carnegie Mellon issues guide to disclosing software vulnerabilities responsibly

Over the past year or so, there’s been an explosion of interest in vulnerability disclosure policy — the question of what to do about flaws in software found by security researchers that should be patched lest they get used by hackers to break into computer systems. Both the Defense Department and the General Services Administration have launched bug bounty programs to reward researchers who responsibly report security flaws they find, and the National Telecommunications and Information Administration’s multistakeholder process published a guide to coordinated vulnerability disclosure, or CVD. Even the Justice Department has gotten in on the act — putting out a set of legal guidelines for companies and other organizations interested in establishing a vulnerability reporting and fixing process. So you would think the publication of yet another set of guidance would be anticlimactic and might even be ignored. But you’d be wrong. The prestigious Software Engineering Institute at Carnegie Mellon University […]

The post This one matters, too: Carnegie Mellon issues guide to disclosing software vulnerabilities responsibly appeared first on Cyberscoop.

Bobbie Stempfley will lead Carnegie Mellon CERT

Veteran federal IT official Roberta G. “Bobbie” Stempfley will take over the Carnegie Mellon University Software Engineering Institute’s CERT Division, the oldest Computer Emergency Response Team in the world, SEI announced this week. “From my positions in government, I have come to know and respect the work done by the talented cybersecurity professionals at the SEI’s CERT Division,” said Stempfley in a release. “It is now my honor to lead this division, which, for nearly 30 years, has been at the forefront of our nation’s cyber defense. I look forward to working with this team.” Before coming to CERT, Stempfley was director of cyber strategy implementation at non-profit government technology contractor the MITRE Corp. She previously served as deputy assistant secretary and acting assistant secretary in the Office of Cyber Security and Communications for the Department of Homeland Security. Prior to that, Stempfley worked at the Pentagon as CIO of the Defense Information Systems Agency […]

The post Bobbie Stempfley will lead Carnegie Mellon CERT appeared first on Cyberscoop.
