all InfoSec news
Talking Trojan: Analyzing an Industry-Wide Disclosure. (arXiv:2209.10717v1 [cs.CR])
Sept. 23, 2022, 1:24 a.m. | Nicholas Boucher, Ross Anderson
cs.CR updates on arXiv.org arxiv.org
While vulnerability research often focuses on technical findings and
post-public release industrial response, we provide an analysis of the rest of
the story: the coordinated disclosure process from discovery through public
release. The industry-wide 'Trojan Source' vulnerability which affected most
compilers, interpreters, code editors, and code repositories provided an
interesting natural experiment, enabling us to compare responses by firms
versus nonprofits and by firms that managed their own response versus firms
that outsourced it. We document the interaction with bug …
More from arxiv.org / cs.CR updates on arXiv.org
Jobs in InfoSec / Cybersecurity
Information Technology Specialist II: Network Architect
@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA
Cybersecurity Skills Challenge -- Sponsored by DoD
@ Correlation One | United States
Security Operations Center (SOC) Analyst
@ GK Cybersecurity Group | Remote
Cyber Consultant
@ Frazer-Nash Consultancy | Gloucester, England, United Kingdom
Senior Vulnerability Management Reporting & Analytics Developer
@ Baker Hughes | IN-KA-BANGALORE-NEON BUILDING WEST TOWER
Product Security Architect
@ ChargePoint | Italy