Four experience reports demonstrate how the CERT Resilience Management Model can be applied to manage complex and diverse operational risks.

This minitrack focuses on research and automation techniques that can be applied to mobile platforms to ensure that developed software on these devices is secure and does not compromise other system properties. If you would like to contribute to the minitrack, visit the HICSS-47 website or send email to hicss47-minitrack@sei.cmu.edu.

This blog post describes the risks of using Microsoft Exchange features that use Oracle Outside In and what you can do about it.

This entry in the Spotlight On series summarizes such cases and insiders and provides recommendations for mitigating these incidents.

This blog post provides information about an effective approach to blocking exploits of CVE-2013-1347, the Internet Explorer 8 CGeneric Element object use-after-free vulnerability.

This blog post explains the importance of protecting your organization from the theft of sensitive information using USB media.

This blog post describes how Oracle's new guidance for Java applets may cause more harm than good.

This blog post describes how finding patterns in bulk registrations can help identify potentially malicious domains.

This blog entry describes how to use geoIP to view data and help your network situational awareness.

We are accepting abstracts for presentations, posters, and demonstrations for FloCon 2014, a network security conference that takes place in Charleston, South Carolina, on January 13-16, 2014.

This blog post looks at second level domain usage in 2012 for the most common generic Top Level Domains.

Secure Coding in C and C++, Second Edition identifies the root causes of today's most widespread software vulnerabilities, shows how they can be exploited, reviews the potential consequences, and presents secure alternatives.

This blog post presents a method for assessing how popular IPv6 is on the internet.

This blog post describes an alternate way to view advertised IP address space on the internet using publicly available information.

This technical note describes an analysis of the pattern "Increased Review for Intellectual Property (IP) Theft by Departing Insiders," which helps organizations mitigate the risk of insider theft of IP.

This blog post describes how you can calculate the growth rate of advertised IP address space on the internet using publicly available information.

This blog post introduces you to work done on an ontology for malware.

This blog entry describes the results of our three-month study of domains that change their name servers frequently.

This technical note presents the first common vocabulary for malware analysis.