August 2025 – Rants of a deranged squirrel.
1 post published by jericho during August 2025| Rants of a deranged squirrel.
1 post published by jericho during August 2025| Rants of a deranged squirrel.
This year at BSides Las Vegas, a panel discussing the CVE program and crisis occurred. I watched the panel discussion after the fact, since I did not attend. For full transparency, something MITRE …| Rants of a deranged squirrel.
On July 14, 2025, a relatively new security company named Miggo Security announced a new offering called VulnDB. Even for my casual readers you may have done a double-take thinking I just made a gl…| Rants of a deranged squirrel.
Yesterday, Matt Hartman, CISA Acting Executive Assistant Director for Cybersecurity, issued a statement on the CVE program. Trying to summarize the last several days and what happened is tricky, but you can read my LinkedIn posts as well as countless news articles and folks talking about. The super tl;dr is that on April 15, a […]| Rants of a deranged squirrel.
On April 16, 2025, IBM posted their X-Force 2025 Threat Intelligence Index. Like many reports of this nature, it covers a wide variety of aspects relating to threat intelligence. Of course, one of …| Rants of a deranged squirrel.
Vulnerability disclosure analysts are long familiar with so-called “mega advisories”, ones that typically come from vendors and often for products that ship appliances using hundreds of libraries or products with an entire operating system included. Such advisories can literally represent over 500 vulnerabilities in one shot. I’ll try to make this a bit fun! Disclaimer: […]| Rants of a deranged squirrel.
[4/13/2025 Update: See very end, below last image, for an amusing update.] Today was the second day of VulnCon 2025, a conference whose stated purpose is “to collaborate with various vulnerab…| Rants of a deranged squirrel.
What’s Your Story CVE-2015-2551? This CVE-2015-2551 entry seems straight-forward, based on the description provided by CVE or NVD. Looking at the change history on NVD it is a bit more informative: So the ID was created for the 2015 calendar year, apparently not used, rejected seven years later, and confirmed by the assigning CNA (Microsoft). […]| Rants of a deranged squirrel.
After years of chasing down typos in CVE IDs, now we all have to contend with poorly researched headlines and apparent to me ambulance chasing over mistaken product names. If you missed the news, t…| Rants of a deranged squirrel.
One aspect of vulnerability intelligence is also doing a best-faith effort to track the threat actors that are using the vulnerabilities. While that information often isn’t published, when it…| Rants of a deranged squirrel.
The Common Weakness Enumeration (CWE) is a MITRE run, community-developed list of common software and hardware weaknesses (Wikipedia Page). The project defines a “weakness” as “a …| Rants of a deranged squirrel.
[I wrote this on September 21st, but apparently forgot to ultimately move from GDoc to Blog. I suspect because it really needs to be cleaned up as it is my first draft. Rather than do that, since t…| Rants of a deranged squirrel.
This is part two of my thoughts on Known Exploited Vulnerabilities (KEV), and where it gets a lot more interesting! Please see the first blog before starting here. Automation / Eagerness To Add Rea…| Rants of a deranged squirrel.
This is the first of two blogs with my thoughts on Known Exploited Vulnerabilities (KEV) tracking and the challenges that come with tracking them. Introduction On November 03, 2021, Cybersecurity a…| Rants of a deranged squirrel.
Disclaimer: This blog is not about politics in the sense of party affiliations and I am not making a political statement. Further, I am not interested in hearing your views on one party or the othe…| Rants of a deranged squirrel.
On June 5, 2024, I sent a FOIA request to National Institute of Standards and Technology requesting a copy of the contract between the National Vulnerability Database (NVD) and ANALYGENCE, a contra…| Rants of a deranged squirrel.
Yesterday, at the first inaugural VulnCon, Tanya Brewer from the NVD gave a presentation that was listed on the agenda as “NVD Symposium”. At the talk, her slides began with a header &#…| Rants of a deranged squirrel.
