Software Engineering Institute (SEI) Podcast Series

Improving Interoperability in Coordinated Vulnerability Disclosure with Vultron

02.24.2023 - By Members of Technical Staff at the Software Engineering InstitutePlay

Download our free app to listen on your phone

Download on the App StoreGet it on Google Play

Coordinated vulnerability disclosure (CVD) begins when at least one individual becomes aware of a vulnerability, but it can’t proceed without the cooperation of many. Software supply chains, software libraries, and component vulnerabilities have evolved in complexity and have become as much a part of the CVD process as vulnerabilities in vendors’ proprietary code. Many CVD cases now require coordination across multiple vendors. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Allen Householder, a senior vulnerability and incident researcher in the SEI’s CERT Division, talks with principal researcher Suzanne Miller about Vultron, a protocol for multi-party coordinated vulnerability disclosure (MPCVD).

More episodes from Software Engineering Institute (SEI) Podcast Series