Sitemap
A list of all the posts and pages found on the site. For you robots out there, there is an XML version available for digesting as well.
Pages
Posts
New Personal PGP Key
Around when I started at the CERT Coordination Center in 2014, I created a personal PGP key for secure email communications to handle vulnerability reports. With that key going on a decade old, it seemed appropriate to retire it and create a newer key. Especially since newer crypto algorithms like ECC are becoming more popular, with the older RSA (possibly?) beginning to phase out. Trail of Bits for example has a blog post arguing to stop using RSA and instead adopt ECC, in particular Ed25519, for signing keys. Read more
Rust Ecosystem Security
Below is a round up of some of my work at the Software Engineering Institute investigating secure coding in Rust and the security of the Rust ecosystem in terms of vulnerability analysis and reverse engineering work. Read more
Malware Analysis Tools for Ghidra
Below is a round up of some of my work at the Software Engineering Institute with Ghidra and developing automated tools for reverse engineering and static code analysis, particularly with an eye toward malware analysis. Read more
Lost Knowledge As Libraries Go Online
My local library recently ended a pretty big sale; most of its books were sold for about $0.25 each. Many of the books were technical (though introductory level): programming, mathematics, sciences. But there was also a good amount of history and fiction available. I love books and snatched up a bunch, but I did so with a heavy heart at seeing so much knowledge being given up by a place of learning – particularly when many of the shelves that used to hold books now hold DVDs. Read more
Coordinated Vulnerability Disclosure
Below is a round up of a series of blog posts I authored for the Software Engineering Institute blog describing the coordinated vulnerability disclosure (CVD) process and challenges in coordinating vulnerability responses with vendors. Read more
The GPL Is About User Freedom, Not Developers
Recently, in online communities and forums, and even professional organizations like ACM, I’ve been seeing an argument that the GNU General Public License (GPL) is restrictive, while more liberal licenses like the BSD and MIT licenses are “more free”. A recent column in April 2016’s Communications of the ACM repeated this obviously misunderstood statement with a pretty aggressive attack on the GPL. Read more
publications
Fabrication and Assembly Behavior of Square Microcapsules
Published in Adv. Mater. 2006, 18, 270–274, 2006
Herein we report the use of silicon membranes in the fabrication of micrometer-sized square tubes and capsules. The Si pores of a membrane are modified with a polymer component such that a gap is created along the wall of the channel. Electrochemical deposition within this modified structure creates square metal tubes. The tubes can be released from the membrane, or with further processing, be converted to buoyant microcapsules with interesting assembly properties. Read more
Recommended citation: F. Li, X. Badel, J. Linnros, G. Wasserman, S. L. Whittenburg, L. Spinu, J. B. Wiley. "Fabrication and Assembly Behavior of Square Microcapsules". Adv. Mater. 2006, 18, 270–274
Lab Manual for (First/Second) Semester (Algebra/Calculus)-Based Physics
Published in XanEdu Inc., 2014
A set of algebra- and calculus-based physics lab manuals meant to accompany 1st and 2nd semester general physics courses, originally published in 2014, now in 4th Edition (2019). Read more
Recommended citation: Patricia Robbert, Garret Wassermann, and Elaina Rodriguez. Lab Manual for (First/Second) Semester (Algebra/Calculus)-Based Physics, 4th Edition. XanEdu Inc. 2019.
2016 Emerging Technology Domains Risk Survey
Published in Software Engineering Institute Special Report, 2016
In today’s increasingly interconnected world, the information security community must be prepared to address emerging vulnerabilities that may arise from new technology domains. Read more
Recommended citation: King, Christopher; Klinedinst, Dan; Lewellen, Todd; & Wassermann, Garret. 2016 Emerging Technology Domains Risk Survey. Software Engineering Institute. 2016. https://insights.sei.cmu.edu/library/2016-emerging-technology-domains-risk-survey/
The CERT Guide to Coordinated Vulnerability Disclosure
Published in Software Engineering Institute Special Report, 2017
This guide provides an introduction to the key concepts, principles, and roles necessary to establish a successful Coordinated Vulnerability Disclosure process. It also provides insights into how CVD can go awry and how to respond when it does so. Read more
Recommended citation: Householder, Allen D.; Wassermann, Garret; Manion, Art; & King, Christopher. The CERT Guide to Coordinated Vulnerability Disclosure. Software Engineering Institute. 2017. https://insights.sei.cmu.edu/library/the-cert-guide-to-coordinated-vulnerability-disclosure-2/
talks
HealthTech 2015 - Medical Device Security
Participant in HealthTech 2015 discussions around medical device security. Read more
Mobile Security: Methods and Challenges During Development
Panelist for session “Mobile Security: Methods and Challenges During Development” Read more
What Every Developer Needs to Know About Coordinated Vulnerability Disclosure
Title: Don’t Let the Bad Bugs Bite: What Every Developer Needs to Know About Coordinated Vulnerability Disclosure Read more
teaching
PHYS 1031 - General Physics 1
Undergraduate course
General Physics 1, algebra-based. General physics course for science majors outside of physics and engineering (biology, etc.). Read more
IT220 - Network Standards and Protocols
Undergraduate course
An introduction course to basic computer networking, in preparation for the Network+ certification. Read more
TB143 - Intro to PCs
Undergraduate course
An introduction course to basic personal computer structure and architecture. Meant as a first course on IT degree track. Covers computer math and logic (e.g., binary numbers and arithmetic), as well as an overview of the various components of a computer such as CPU, motherboard, memory and devices, and basics of operating systems, networking, and security. Read more
ET115 - DC Electronics
Undergraduate course
An introduction to electric circuits, covering basics like Ohm’s Law, series and parallel circuits, and basic circuit analysis. Included a lab component where students put together simple circuits using resistors and other components and learned to properly use equipment like voltmeters. Read more
GE127 - College Mathematics I
Undergraduate course
A first course in college algebra covering topics like polynomials and functions and their graphs. Read more
GE192 - College Mathematics II
Undergraduate course
A second course in college algebra including trigonometry and an introduction to vectors. Read more
GE235 - Physics
Undergraduate course
An introductory algebra-based general physics course, covering key concepts of classical mechanics, thermodynamics, electromagnetism, and modern physics (quantum mechanics). Read more
IT106 - C++ 1
Undergraduate course
An introductory course on programming using the C++ language. We talked about basic operations and data types like arrays, objects and classes, inheritance, and exceptions. Related topics included UML modeling for classes. Read more
IT250 - Linux Operating System
Undergraduate course
An introduction course to the Linux operating system. Teaches basic utilities and use of UNIX-like operating system environment (e.g., command line utilities). Covers installation of the operating system, basic configuration of users and devices including network devices, and sets up a basic LAMP (Apache, MySQL, PHP) server instance for use in future coursework. Read more
ITA126 - Networking 1
Undergraduate course
An introduction course to basic computer networking, in preparation for the Network+ certification. Read more
IT217 - C++ 2
Undergraduate course
A second introductory course on programming using the C++ language. We covered additional data structures like linked lists, pointers, basic sorting algorithms, templates and the STL, and handling file I/O with proper exception handling. Read more
IT306 - Software Application Programming
Undergraduate course
An overview of software engineering principles. Covers software engineering ethics, common software development models like Waterfall or Agile methods, software requirements engineering, software testing, and project planning. Students worked in groups to plan their own software projects in either C++ or Java based on programming concepts they learned in earlier courses. Read more
IT302 - Linux System Administration
Undergraduate course
An intermediate course in the Linux operating system. Teaches administrative tasks necessary to install and maintain various Linux-based network services, including web server, DNS, email server, directory services (LDAP) with emphasis on basic security configuration. Covers basics of how protocols like TCP, IP, SMTP, etc., work. Read more
IT304 - Calculus (Mathematics III)
Undergraduate course
Mathematics III, an overview of basic differential and integral calculus. The course was meant mostly for students in the software/programming track, and so focused a little more on applications to computer science, for example, by introducing concepts like “Big-O” notation for algorithms in the context of limits. Read more