search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Improving Interoperability in Coordinated Vulnerability Disclosure with Vultron

Podcast
By
Allen Householder, a senior vulnerability and incident researcher with the SEI’s CERT Division, talks with SEI principal investigator Suzanne Miller about Vultron, a protocol for multi-party coordinated vulnerability disclosure (MPCVD).
Publisher

Software Engineering Institute

Subjects

Listen

Watch

Abstract

Coordinated vulnerability disclosure (CVD) begins when at least one individual becomes aware of a vulnerability, but it can’t proceed without the cooperation of many. Software supply chains, software libraries, and component vulnerabilities have evolved in complexity and have become as much a part of the CVD process as vulnerabilities in vendors’ proprietary code. Many CVD cases now require coordination across multiple vendors. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Allen Householder, a senior vulnerability and incident researcher with the SEI’s CERT Division, talks with SEI principal investigator Suzanne Miller about Vultron, a protocol for multi-party coordinated vulnerability disclosure (MPCVD).

About the Speaker

Headshot of Allen Householder

Allen D. Householder

Allen D. Householder is a senior vulnerability researcher in the CERT Division of Carnegie Mellon University's Software Engineering Institute. Householder's research interests include applications of complex systems theory and machine learning to software and system security, fuzzing, and modeling of information sharing and trust among cybersecurity responders.

 

Read more
SHARE

Supplemental Materials

Download Transcript
Related Links
SEI Blog | Vultron: A Protocol for Coordinated Vulnerability Disclosure
Ask a question about this Podcast