
Undiscovered Vulnerabilities: Not Just for Critical Software

June 2022 Podcast
Jonathan Spring

Jonathan Spring discusses the findings in a recent paper that analyzes the number of undiscovered vulnerabilities in information systems.

“It’s not because we’ve done something wrong somewhere in the software engineering pipeline that you need vulnerability management. It’s because we’re using computers.”

Publisher: Software Engineering Institute


Abstract

In our latest podcast, Jonathan Spring, a senior vulnerability researcher in the SEI's CERT Division, discusses with principal researcher Suzanne Miller the findings in a paper he published recently analyzing the number of undiscovered vulnerabilities in information systems. This paper examines the paradigm that the number of undiscovered vulnerabilities is manageably small through the lens of mathematical concepts from the theory of computing.

About the Speaker

Jonathan Spring


Jonathan Spring is a senior member of the technical staff with the CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University. Spring began working at the SEI in 2009. Prior posts include adjunct professor at the University of Pittsburgh’s School of Information Sciences and research fellow for ICANN’s Security and Stability Advisory Committee (SSAC). At the SEI, Spring’s work focuses on producing reliable evidence for various levels of cybersecurity policies. Spring’s approach to work balances leading by example with reflecting on study design and other philosophical issues. Spring earned a doctoral degree in computer science from University College London.
