As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts, conference papers, and webcasts highlighting our work in vulnerabilities, privacy, software architecture, digital engineering, container adoption efforts, ransomware, and the Solar Winds Hack.
These publications highlight the latest work of SEI technologists in these areas. This post includes a listing of each publication, author(s), and links where they can be accessed on the SEI website.
Attacking COM via Word RTF
by Will Dormann
Do you remember Internet Explorer version 6 (IE6), and the fun we had with ActiveX? We’ve come a long way since then, right? Or have we? In this presentation, given at GRIMMCon 0x4, Will Dormann describes how Microsoft Word 2019 on Windows 10 is not too different from the dark old days of the IE6 ActiveX attack surface.
Download the presentation.
Amplifying Your Privacy Program: Strategies for Success
by Daniel L. Costa, Carrie Gardner
Privacy protection isn’t just a compliance activity. It’s also a key area of organizational risk that requires enterprise-wide support and participation; careful planning; and forward-leaning, data-driven controls. This webcast highlights best practices for privacy program planning and implementation. It also presents strategies for leveraging existing capabilities within your organization to further advance privacy program building. In addition, it looks ahead to emerging research and operational needs for modernizing privacy programs.
The presenters discuss
The state of the practice for privacy program planning and developmentHow to align privacy program planning and development activities with related efforts within your organizationAreas of ongoing and future research into privacy frameworks, privacy risk management, and privacy controls efficacy
Modeling and Validating Security and Confidentiality in System Architectures
by Aaron Greenhouse, Jörgen Hansson (University of Skovde), Lutz Wrage
The importance of security in computer and information systems is increasing as network-connected computer systems become more ubiquitous. The objective of security is to verify that the computing platform is secured and that data and information
This article is purposely trimmed, please visit the source to read the full article.