Eric Hatleback
University of Pittsburgh
Eric Hatleback is a vulnerability researcher in the CERT Division of Carnegie Mellon University’s Software Engineering Institute. Hatleback earned his doctorate from the University of Pittsburgh’s Department of History and Philosophy of Science. Hatleback’s research interests include scientific methodology (understanding the justification for scientific inferences and assumptions), science of security (whether security exhibits similarities to established sciences), and vulnerability coordination (determining the optimal set of policies for handling vulnerabilities).
Publications by Eric Hatleback
- Coordinated Vulnerability Disclosure User Stories
August 25, 2022 • White Paper
Brad Runyon, Eric Hatleback, Allen D. Householder
This paper provides user stories to guide the development of a technical protocol and application programming interface for Coordinated Vulnerability Disclosure.
- Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization (Version 2.0)
April 30, 2021 • White Paper
Jonathan Spring, Allen D. Householder, Eric Hatleback
This paper presents version 2.0 of a testable Stakeholder-Specific Vulnerability Categorization (SSVC) that takes the form of decision trees and that avoids some problems with the Common Vulnerability Scoring System (CVSS).
- A Stakeholder-Specific Vulnerability Categorization
October 29, 2020 • Podcast
Allen D. Householder, Eric Hatleback, Jonathan Spring
Eric Hatleback, Allen Householder, and Jonathan Spring, vulnerability and incident researchers in the SEI CERT Division, discuss SSVC and also take audience members through scoring a sample vulnerability.
- Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization
December 04, 2019 • White Paper
Jonathan Spring, Eric Hatleback, Allen D. Householder
This paper presents a testable Stakeholder-Specific Vulnerability Categorization (SSVC) that takes the form of decision trees and that avoids some problems with the Common Vulnerability Scoring System (CVSS).
- Towards Improving CVSS
December 04, 2018 • White Paper
Jonathan Spring, Eric Hatleback, Allen D. Householder
This paper outlines challenges with the Common Vulnerability Scoring System (CVSS).
- Blacklist Ecosystem Analysis: July - December 2017
April 19, 2018 • White Paper
Eric Hatleback, Leigh B. Metcalf
This short report provides a summary of the various analyses of the blacklist ecosystem performed from July 1, 2017, through December 31, 2017.
- Blacklist Ecosystem Analysis: January - June, 2017
August 22, 2017 • White Paper
Eric Hatleback, Leigh B. Metcalf
This short report provides a summary of the various analyses of the blacklist ecosystem performed to date. It also appends the latest additional data to those analyses; the added data in this report covers the time period from January through June 2017.
- Blacklist Ecosystem Analysis: July – December 2016
June 01, 2017 • White Paper
Eric Hatleback, Leigh B. Metcalf
This report provides a summary of various analyses of the blacklist ecosystem performed to date. It also appends the latest additional data to those analyses; the added data in this report covers the time period from July 1 through December 31, 2016.
- Thinking about Intrusion Kill Chains as Mechanisms
May 02, 2017 • Presentation
Jonathan Spring, Eric Hatleback
We integrate two established modeling methods from disparate fields: mechanisms from the philosophy of science literature and intrusion kill chain modeling from the computer security literature.
- Blacklist Ecosystem Analysis: January – June, 2016
December 01, 2016 • White Paper
Leigh B. Metcalf, Eric Hatleback
This short report provides a summary of the various analyses of the blacklist ecosystem performed to date. It also appends the latest additional data to those analyses; the added data in this report covers the time period from January through June 2016.
- Blacklist Ecosystem Analysis: 2016 Update
August 15, 2016 • White Paper
Leigh B. Metcalf, Eric Hatleback, Jonathan Spring
This white paper, which is the latest in a series of regular updates, builds upon the analysis of blacklists presented in our 2013 and 2014 reports.
- Exploring a Mechanistic Approach to Experimentation in Computing
July 01, 2014 • Article
Jonathan Spring
In this article, the authors describe the benefits of applying the mechanistic approach in philosophy of science to experimentation in computing.