Inside the Lab Where Intel Tries to Hack Its Own Chips
Researchers at iSTARE have to think like the bad guys, finding critical flaws before processors go to production.
Vulnerability: A weakness in the computational logic (e.g., code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity, or availability. Mitigation of the vulnerabilities in this context typically involves coding changes, but could also include specification changes or even specification deprecations (e.g., removal of affected protocols or functionality in their entirety).
—National Institute of Standards and Technology, National Vulnerability Database, “Vulnerabilities”
In computer security, a Vulnerability is a weakness which can be exploited by a threat actor, such as an attacker, to cross privilege boundaries (i.e. perform unauthorized actions) within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerabilities are also known as the attack surface.
A security risk is often incorrectly classified as a vulnerability. The use of vulnerability with the same meaning of risk can lead to confusion. The risk is the potential of a significant impact resulting from the exploit of a vulnerability. Then there are vulnerabilities without risk: for example when the affected asset has no value. A vulnerability with one or more known instances of working and fully implemented attacks is classified as an exploitable vulnerability—a vulnerability for which an exploit exists. The window of vulnerability is the time from when the security hole was introduced or manifested in deployed software, to when access was removed, a security fix was available/deployed, or the attacker was disabled—see zero-day attack.
—Wikipedia, “Vulnerability (computing)”
This is a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal enterprise.
Known Exploited Vulnerabilities Catalog
DayZero dives deep into cybersecurity vulnerabilities, and the crime, espionage, and warfare taking place on networked computers. We look at legislation, practice, and litigation over how to keep our networks and critical infrastructure secure; new and emerging threats and how the policy process responds to them; the relationship between cybersecurity and other security goods; and cybersecurity in American relations with foreign adversaries and allies.
DayZero: Cybersecurity Law and Policy