Posts by Tags

cybersecurity

New Personal PGP Key

1 minute read

Around when I started at the CERT Coordination Center in 2014, I created a personal PGP key for secure email communications to handle vulnerability reports. With that key going on a decade old, it seemed appropriate to retire it and create a newer key, especially since newer crypto algorithms like ECC are becoming more popular, with the older RSA (possibly?) beginning to phase out. Trail of Bits, for example, has a blog post arguing to stop using RSA and instead adopt ECC, in particular Ed25519, for signing keys.

Rust Ecosystem Security

less than 1 minute read

Below is a roundup of some of my work at the Software Engineering Institute investigating secure coding in Rust and the security of the Rust ecosystem in terms of vulnerability analysis and reverse engineering work.

Malware Analysis Tools for Ghidra

1 minute read

Below is a roundup of some of my work at the Software Engineering Institute with Ghidra and developing automated tools for reverse engineering and static code analysis, particularly with an eye toward malware analysis.

Coordinated Vulnerability Disclosure

1 minute read

Below is a roundup of a series of blog posts I authored for the Software Engineering Institute blog describing the coordinated vulnerability disclosure (CVD) process and challenges in coordinating vulnerability responses with vendors.

free software

Lost Knowledge As Libraries Go Online

4 minute read

My local library recently ended a pretty big sale; most of its books were sold for about $0.25 each. Many of the books were technical (though introductory level): programming, mathematics, sciences. But there was also a good amount of history and fiction available. I love books and snatched up a bunch, but I did so with a heavy heart at seeing so much knowledge being given up by a place of learning – particularly when many of the shelves that used to hold books now hold DVDs.

The GPL Is About User Freedom, Not Developers

4 minute read

Recently, in online communities and forums, and even professional organizations like ACM, I’ve been seeing an argument that the GNU General Public License (GPL) is restrictive, while more liberal licenses like the BSD and MIT licenses are “more free”. A recent column in April 2016’s Communications of the ACM repeated this obviously misunderstood statement with a pretty aggressive attack on the GPL.