
5/6/2013
01:47 PM
Dark Reading

New Software Security Center To Evaluate Cyberthreats

S2ERC will be launched at Georgetown later this month

May 6, 2013 – A new Security and Software Engineering Research Center (S2ERC) that will research cyber threats and other security and technology issues will be launched at Georgetown later this month.

Eric Burger, research professor of computer science, will serve as director of the new center, which will have its first face-to-face meeting on May 28.

"The S2ERC center is a win-win," says Burger, also founder and director of the recently established Georgetown Center for Secure Communications (GCSC). "We will attract high-energy, creative researchers to work with non-academic practitioners in a wide range of industries and government sites, who provide guidance, feedback and funding. Our researchers gain access to real-world data and experienced practitioners who can guide them, while affiliate companies gain immediate access to innovative research."

The May 28 meeting will address the Cyber Threat Intelligence Exchange Ecosystem, a project Burger is working on through the center that he says "makes the goal of threat information sharing a reality."

CREATIVE RESEARCHERS

Burger received a planning grant last year from the National Science Foundation to establish an S2ERC site on campus. Since then, he's worked with fellow computer science professor Cal Newport and several companies in related industries to begin research projects in the security and software fields.

"This is exactly the kind of center that would benefit a Georgetown student interested in the cross-section of practical, applied policy and in-depth research," Burger explains.

In addition to studying cyber threats, the center focuses on social, policy and corporate governance issues related to secure communications, as well as technologies to support network provenance, multilevel secure communications, network emulation and trust.

NATIONAL PRIORITY

The Cyber Threat Intelligence Exchange Ecosystem is a priority of President Obama, whose executive order and policy directive recently required the federal government to share cyber threat intelligence with the private sector.

Burger is working with Catherine Lotrionte, director of Georgetown's Institute for Law, Science and Global Security and visiting assistant professor of government and foreign service, on the project.

Newport is working with a major network provider on ways to allow enterprises to strategically share information about potential threats to other entities, taking over for Micah Sherr and Clay Shields of the computer science department, who were previously working on the project.

SIGNIFICANT RESEARCH CAPABILITY

"I am pleased to have a new center that fills a need Georgetown can uniquely satisfy – bringing government, industry, and academia together in the heart of the nation's capital," says Spiros Dimolitsas, Georgetown's senior vice president for research and chief technology officer. "The fact that we can attract participation from industry and government shows that our multiyear plan to build a significant research capability in the computer science department and a campus-wide cyber initiative is now bearing fruit."

Current industry affiliates the new Georgetown center will work with include Symantec, Check Point Software Technologies, Edgewater Networks and IID.

Visit the S2ERC website to learn more.

 
