Arbitrary Albatross: Neutral Names for Vulnerabilities at Volume

BSidesLV 2018

Presented by: Art Manion, Leigh Metcalf
Date: Wednesday August 08, 2018
Time: 18:00 - 18:55
Location: Ground Truth

Vulnerability identification is critical defensive security infrastructure. We have CVE, which is improving scope and coverage, but CVE assigns numbers, and people like words. Phrases. Names. From Heartbleed to Efail, there’s a trend in security research to market disclosure events with catchy brand names. Some are annoyed by this trend. Is annoyance justified? Names imply importance. Is the claimed importance justified? It may be that a more human-oriented handle is beneficial. We explore the issues around named vulnerabilities and present a system to generate names separate from implied importance.

Art Manion

Leigh Metcalf


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats