How to Describe Vulnerability Information?

How to Describe Vulnerability Information?:

JPCERT/CC receives software vulnerability information from domestic and overseas reporters, then coordinates them in between the vendor/developer and the reporter. While there is a vulnerability reporting template, vulnerability itself is described in a free format. Reporter can describe about a vulnerability in a way they like. From a vulnerability coordinator’s perspective, the following are a few obstacles that we are facing:

1. It is necessary to “understand” the technical aspects

2. When the vulnerability description is written in your non-native language, it can be extremely difficult to comprehend

(Via JPCERT/CC Blog)

Read on for more. I support these activities, especially how to deal in multi-lingual ways.

Restricting Security Intel from prime consumers

Today’s Headlines and Commentary:

Secretary of Homeland Security Kirstjen Nielsen informed the Senate intelligence committee on Wednesday that only 20 of 150 state and local election officials have the security clearances they need to receive election security intelligence, Axios . Officials require this clearance to receive crucial information from the department on how best to decrease election infrastructure vulnerabilities ahead of Russian interference in the upcoming congressional midterm elections. Nielsen said that the department will sponsor a maximum of three officials per state to receive the sensitive clearance, and said her department will work through the interagency process to bypass the security clearance process and share urgent intelligence with local officials if needed.

(Via Lawfare – Hard National Security Choices)

How useful is security intelligence if the primary audience by and large isn’t allowed to read it?

Also on: