This project aims to reduce the impact of software vulnerabilities in Internet-connected systems by developing data-driven techniques for vulnerability measurement, assessment, and notification. Recent advances in Internet-wide scanning make it possible to conduct network surveys of the full public IPv4 address space in minutes. These advances, in turn, offer the promise of truly effective community responses: when new vulnerabilities are announced, the Internet security community can comprehensively identify the systems that suffer from these vulnerabilities and automatically take steps to help affected system operators correct the problems. This project seeks to directly impact the availability and reliability of the Internet and provide the security community with tools, platforms, and comprehensive vulnerability measurement data. To achieve this vision, this project develops new techniques for vulnerability measurement, including creating improved security measurement techniques that function at global scale, in the presence of heterogeneous network systems, and in a timely, accurate, complete, and ethical manner. The investigators create new vulnerability assessment methods that lower the barriers faced by researchers seeking to access and analyze vulnerability measurement data, in order to maximize security benefits. The project explores new notification mechanisms that achieve targeted and effective notification of affected organizations, and that can be delivered and acted upon quickly in response to the emergence of new threats.
TWC: TTP Option: Large: Collaborative: Internet-Wide Vulnerability Measurement, Assessment, and Notification