Art Manion
CERT
Art Manion is an SEI alumni employee.
Art Manion is a senior member of the Vulnerability Analysis team in the CERT Program at the Software Engineering Institute (SEI), Carnegie Mellon University. Since joining CERT in 2001, Manion has studied vulnerabilities, coordinated disclosure efforts, and published advisories, alerts, and vulnerability notes for CERT/CC and US-CERT. Manion currently focuses on vulnerability discovery and other areas of applied research, including ways to automate and improve operational vulnerability response. Prior to joining the SEI, Manion was the Director of Network Infrastructure at Juniata College.
Publications by Art Manion
-
Coordinated Vulnerability Disclosure User Stories
August 25, 2022 • White Paper
Brad Runyon, Eric Hatleback, Allen D. Householder
This paper provides user stories to guide the development of a technical protocol and application programming interface for Coordinated Vulnerability Disclosure.
-
Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization (Version 2.0)
April 30, 2021 • White Paper
Jonathan Spring, Allen D. Householder, Eric Hatleback
This paper presents version 2.0 of a testable Stakeholder-Specific Vulnerability Categorization (SSVC) that takes the form of decision trees and that avoids some problems with the Common Vulnerability Scoring System (CVSS).
-
SolarWinds Hack: Fallout, Recovery, and Prevention
February 10, 2021 • Webinar
Matthew J. Butkovic, Art Manion
The recent SolarWinds incident demonstrated the challenges of securing systems when they are the product of complex supply chains.
-
VINCE: A Software Vulnerability Coordination Platform
January 25, 2021 • Podcast
Emily Sarneso, Art Manion
Emily Sarneso, the architect of VINCE, and Art Manion, technical manager of the Vulnerability Analysis Team in the SEI CERT Division, discuss the rollout of VINCE, how to use it, and future work in vulnerability coordination.
-
Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization
December 04, 2019 • White Paper
Jonathan Spring, Eric Hatleback, Allen D. Householder
This paper presents a testable Stakeholder-Specific Vulnerability Categorization (SSVC) that takes the form of decision trees and that avoids some problems with the Common Vulnerability Scoring System (CVSS).
-
Improving the Common Vulnerability Scoring System
October 03, 2019 • Podcast
Jonathan Spring, Art Manion, Deana Shick
Art Manion, Deana Shick, and Jonathan Spring discuss a 2019 paper that outlines challenges with the Common Vulnerability Scoring System (CVSS) and proposes changes to improve it.
-
Towards Improving CVSS
December 04, 2018 • White Paper
Jonathan Spring, Eric Hatleback, Allen D. Householder
This paper outlines challenges with the Common Vulnerability Scoring System (CVSS).
-
Arbitrary Albatross: Neutral Names for Vulnerabilities
October 08, 2018 • Presentation
Art Manion
In this presentation the author explores issues around named vulnerabilities and presents a system to generate names separate from implied importance.
-
Desperately Seeking Severity
March 28, 2018 • Presentation
Art Manion
In this presentation, the author provides information to make better risk decisions, ideally free and from a reliable source, and he provides proximate severity and impact of a vulnerability.
-
The CERT Guide to Coordinated Vulnerability Disclosure
August 15, 2017 • Special Report
Allen D. Householder, Garret Wassermann, Art Manion
This guide provides an introduction to the key concepts, principles, and roles necessary to establish a successful Coordinated Vulnerability Disclosure process. It also provides insights into how CVD can go awry and how to respond when it does so.
-
SEI Cyber Minute: Coordinated Vulnerability Disclosure
September 07, 2016 • Video
Art Manion
Art Manion discusses "Coordinated Vulnerability Disclosure."
-
Security and the Internet of Things
August 25, 2016 • Podcast
Art Manion
In this podcast, CERT researcher Art Manion discusses work that his team is doing with the Department of Homeland Security to examine and secure IoT devices.
-
Threat Modeling and the Internet of Things
May 12, 2016 • Podcast
Art Manion, Allen D. Householder
Art Manion and Allen Householder of the CERT Vulnerability Analysis team talk about threat modeling and its use in improving the security of the Internet of Things (IoT).
-
Comments on Bureau of Industry and Security (BIS) Proposed Rule Regarding Wassenaar Arrangement 2013 Plenary Agreements Implementation for Intrusion and Surveillance Items
July 22, 2015 • White Paper
Allen D. Householder, Art Manion
In this paper, CERT researchers comment on the proposed rule, Wassenaar Arrangement 2013 Plenary Agreements Implementation: Intrusion and Surveillance Items.
-
VRDX-SIG: Global Vulnerability Identification
June 19, 2015 • Presentation
Art Manion, Takayuki Uchiyama, Masato Terada
Read about the results of the VRDX-SIG, a group chartered to develop recommendations for identifying, tracking, and exchanging information across disparate vulnerability databases.
-
Data Driven Software Assurance
April 09, 2015 • Podcast
Michael D. Konrad, Art Manion
In 2012, SEI researchers began investigating vulnerabilities reported to the SEI's CERT Division. A research project was launched to investigate design-related vulnerabilities and quantify their effects.
-
Data-Driven Software Assurance: A Research Study
May 09, 2014 • Technical Report
Michael D. Konrad, Art Manion, Andrew P. Moore
In 2012, Software Engineering Institute (SEI) researchers began investigating vulnerabilities reported to the SEI's CERT Division. A research project was launched to investigate design-related vulnerabilities and quantify their effects.
-
How to More Effectively Manage Vulnerabilities and the Attacks that Exploit Them
September 25, 2012 • Podcast
Art Manion, Julia H. Allen
In this podcast, Greg Crabb explains how CERT-RMM can be used to establish and meet resilience requirements for a wide range of business objectives.
-
Controls for Monitoring the Security of Cloud Services
August 02, 2011 • Podcast
Art Manion, Jonathan Spring, Julia H. Allen
In this podcast, participants explain that how cloud providers and customers can use controls to protect sensitive information depends on the service model.
-
Securing Industrial Control Systems
July 27, 2010 • Podcast
Art Manion, Julia H. Allen
In this podcast, Julia Allen explains how critical it is to secure systems that control physical switches, valves, pumps, meters, and manufacturing lines.
-
Effectiveness of the Vulnerability Response Decision Assistance (VRDA) Framework
August 01, 2009 • White Paper
Art Manion, Kazuya Togashi (JPCERT/CC), Joseph B. Kadane (Department of Statistics, Carnegie Mellon University)
In this paper, the authors describe the Vulnerability Response Decision Assistance (VRDA) framework, a decision support and expert system.
-
Managing Security Vulnerabilities Based on What Matters Most
July 22, 2008 • Podcast
Art Manion, Julia H. Allen
In this podcast, Art Manion explains that determining which security vulnerabilities to address should be based on the importance of the information asset.
-
Vulnerability Response Decision Assistance (VRDA)
June 17, 2007 • Presentation
Hal Burch, Art Manion, Yurie Ito
In this presentation, the authors introduce the method called Vulnerability Response Decision Assistance (VRDA).
-
2001 Tech Tip: Managing the Threat of Denial-of-Service Attacks
October 01, 2001 • White Paper
Allen D. Householder, Art Manion, Linda Pesante
In this 2001 paper, the authors describe the then-current situation regarding denial-of-service (DOS) attacks and ways of addressing the problem.