Software Engineering Institute | Carnegie Mellon University

Digital Library

Will Dormann
June 2016 - Presentation CERT BFF: From Start to PoC

Topics: Vulnerability Analysis

Authors: Will Dormann

This presentation describes the CERT Basic Fuzzing Framework (BFF) from start to PoC.

November 2015 - Webinar Web Traffic Analysis with CERT Tapioca

Topics: Vulnerability Analysis

Authors: Will Dormann

Will Dormann discusses a tool that shows whether a connection to the web is secure and what information is being transmitted.

August 2015 - Presentation How We Discovered Thousands of Vulnerable Android Apps in 1 Day

Topics: Vulnerability Analysis

Authors: Joji Montelibano, Will Dormann

In this presentation, we will describe our methodology in discovering these vulnerabilities, and recommend mitigation strategies for both developers and users.

May 2014 - Webinar Heartbleed: Analysis, Thoughts, and Actions

Topics: Network Situational Awareness, Secure Coding

Authors: Will Dormann, Robert Floodeen, Brent Kennedy, William Nichols, Jason McCormick, Robert C. Seacord

Panelists discussed the impact of Heartbleed, methods to mitigate the vulnerability, and ways to prevent crises like this in the future.

April 2012 - Technical Note Source Code Analysis Laboratory (SCALe)

Topics: Secure Coding

Authors: Robert C. Seacord, Will Dormann, James McCurley, Philip Miller, Robert W. Stoddard, David Svoboda, Jefferson Welch

In this report, the authors describe the CERT Program's Source Code Analysis Laboratory (SCALe), a conformance test against secure coding standards.

December 2010 - Technical Report Source Code Analysis Laboratory (SCALe) for Energy Delivery Systems

Topics: Secure Coding

Authors: Robert C. Seacord, Will Dormann, James McCurley, Philip Miller, Robert W. Stoddard, David Svoboda, Jefferson Welch

In this report, the authors describe the Source Code Analysis Laboratory (SCALe), which tests software for conformance to CERT secure coding standards.

November 2010 - Presentation As-If Infinitely Ranged Integer Model

Topics: Secure Coding

Authors: Roger Dannenberg (School of Computer Science, Carnegie Mellon University), Thomas Plum (Plum Hall, Inc.), Will Dormann, David Keaton, Robert C. Seacord, David Svoboda, Alex Volkovitsky, Timothy Wilson

This ISSRE 2010 paper describes the AIR Integer model for eliminating vulnerabilities resulting from integer overflow, truncation, and unanticipated wrapping.

May 2010 - Podcast The Power of Fuzz Testing to Reduce Security Vulnerabilities

Authors: Will Dormann, Julia H. Allen

In this podcast, Will Dormann urges listeners to subject their software to fuzz testing to help identify and eliminate security vulnerabilities.

April 2010 - Technical Note As-If Infinitely Ranged Integer Model, Second Edition

Topics: Secure Coding

Authors: Roger Dannenberg (School of Computer Science, Carnegie Mellon University), Will Dormann, David Keaton, Thomas Plum (Plum Hall, Inc.), Robert C. Seacord, David Svoboda, Alex Volkovitsky, Timothy Wilson

In this report, the authors present the as-if infinitely ranged (AIR) integer model, a mechanism for eliminating integral exceptional conditions.

February 2010 - White Paper Instrumented Fuzz Testing Using AIR Integers (Whitepaper)

Topics: Secure Coding

Authors: Roger Dannenberg (School of Computer Science, Carnegie Mellon University), Will Dormann, David Keaton, Robert C. Seacord, Timothy Wilson, Thomas Plum (Plum Hall, Inc.)

In this paper, the authors present the as-if infinitely ranged (AIR) integer model, which provides a mechanism for eliminating integral exceptional conditions.

February 2010 - Presentation Instrumented Fuzz Testing Using AIR Integers (Presentation)

Topics: Secure Coding

Authors: Will Dormann, Robert C. Seacord

In this February 2010 presentation, Will Dormann and Robert Seacord describe how to conduct instrumented fuzz testing using as-if infinitely ranged integers.

January 2008 - White Paper Vulnerability Detection in ActiveX Controls through Automated Fuzz Testing

Topics: Vulnerability Analysis

Authors: Will Dormann, Daniel Plakosh

In this 2008 paper, the authors explore results of a test of a large number of ActiveX controls, which provides insight into the current state of ActiveX security.