Share This Profile
Share this profile on Facebook.
Link to this profile on LinkedIn.
Tweet this profile on Twitter.
Email a link to this profile.
See other services through which you can share this profile.
This profile was last updated on 3/30/15  and contains information from public web pages and contributions from the ZoomInfo community.

Vulnerability Analyst

Phone: (412) ***-****  
Email: w***@***.org
CERT Coordination Center
4500 Fifth Avenue
Pittsburgh , Pennsylvania 15213
United States

Company Description: The CERT┬« Coordination Center (CERT/CC) is located at the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie...   more
Background

Employment History

117 Total References
Web References
Adobe Shockwave Includes Severely Outdated Version of Flash - San Diego Computer Consultants
sdpcfix.com, 1 Aug 2014 [cached]
The vulnerability was initially discovered & reported to Adobe back in December of 2012 by Will Dormann, a security researcher on Carnegie Mellon University's Computer Emergency Response Team (CERT). There wasn't much fuss then, but the vulnerability is finally getting the attention it deserves after catching the eye of Brian Krebs of KrebsonSecurity, who caught wind of it after Dormann commented on a post reviewing the adoption rate of Adobe Flash Player updates.
...
In his 2012 advisory, Dormann wrote that Shockwave Player 12.1.1.151 (the current version) comes with Flash version 11.5.502.146, which was last updated January 2013 and contains several exploitable vulnerabilities.
Will Dormann, a Carnegie ...
www.siliconvalley.com, 12 Feb 2013 [cached]
Will Dormann, a Carnegie Mellon researcher who wrote the Java warning for the government, said the many flaws found in Java may partly stem from some security experts spending inordinate time scrutinizing it. He also noted that Java isn't the only software he's recommended disabling. He gave similar advice in December about Adobe's Macromedia Shockwave Player, which displays certain web content.
Even with Oracle's latest patches, he said it was unlikely the government would tell people "to turn it back on."
CERT's Podcast Series: Speaker Biographies
www.cert.org, 28 July 2011 [cached]
Will Dormann
Will Dormann has been a software vulnerability analyst with Carnegie Mellon Software Engineering Institute's CERT Coordination Center (CERT/CC) since 2004. His focus area includes web browser technologies, ActiveX, and fuzzing. Will has discovered thousands of vulnerabilities through the use of fuzzing tools and other techniques.
The exploits, co-authored by Micalizzi ...
www.pcworld.com [cached]
The exploits, co-authored by Micalizzi and Will Dorman, a vulnerability researcher at the Carnegie Mellon Software Engineering Institute's CERT Coordination Center, produce buffer overflows on IE6 and would let attackers run additional malicious code.
CERT Blogs
www.cert.org, 6 Jan 2015 [cached]
Will Dormann Hey, it's Will.
...
Will Dormann Hi folks, it's Will. Recently I have been investigating man-in-the-middle (MITM) techniques for analyzing network traffic generated by an application. In particular, I'm looking at web (HTTP and HTTPS) traffic.
...
Will Dormann In this blog post, Will Dormann discusses application downloads bundled with other software and how it affects your attack surface. Read this post
...
Will Dormann Last week, Will Dormann examined two exploit mitigations on the Linux platform. In this new post, Will explains how to add further exploit protections to Linux. Read this post Differences Between ASLR on Windows and Linux 02/10/2014 - CERT/CC
Differences Between ASLR on Windows and Linux Will Dormann Will Dormann explains how ASLR works on Linux and how it differs from ASLR on Windows. Read this post Feeling Insecure? Blame Your Parent! 02/03/2014 - CERT/CC
Feeling Insecure? Blame Your Parent! Will Dormann Will Dormann describes how parent properties can cause security problems for a child process. Read this post
...
Will Dormann Will Dormann describes a modification to FOE code to make it work better with another application and encourages others to modify the code themselves. Read this post
...
Will Dormann Will Dormann describes how to get BFF 2.7 to run on OS X Mavericks. Read this post
...
Will Dormann Will Dormann provides examples that illustrate why vulnerability analysts use attack vectors when they're examining software bugs and vulnerabilities. Read this post
...
Will Dormann
...
Will Dormann Will Dormann announces updates to CERT fuzzing tools, FOE and BFF, and describes the changes in the new versions. Read this post
...
Will Dormann Will Dormann discusses the risks, and their mitigations, of using forensics software to process untrusted data. Read this post The Risks of Microsoft Exchange Features that Use Oracle Outside In 06/04/2013 - CERT/CC
The Risks of Microsoft Exchange Features that Use Oracle Outside In Will Dormann Will Dormann describes the risks of using Microsoft Exchange features that use Oracle Outside In and what you can do about it. Read this post
...
Will Dormann Will Dormann describes how Oracle's new guidance for Java applets may cause more harm than good. Read this post
...
In light of a recent Java vulnerability, Will Dormann and Art Manion discuss why you should disable Java.
...
Will Dormann Will Dormann discusses EMET, an effective way of preventing vulnerabilities from being exploited. Read this post
...
Will Dormann Will Dormann discusses how Cisco addressed the vulnerabilities in its AnyConnect ActiveX and Java clients. Read this post Effectiveness of Microsoft Office File Validation 05/19/2011 - CERT/CC
Effectiveness of Microsoft Office File Validation Will Dormann Will Dormann tests the effectiveness of Office File Validation in protecting against attacks using malformed files. Read this post
...
Will Dormann Will Dormann discusses the results of a test that compares the fuzzing resiliency of Office and Oracle OpenOffice. Read this post
...
Will Dormann Will Dormann describes new functionality and performances improvements available in BFF 1.1. Read this post
...
Will Dormann Will Dormann discusses how to use BFF to discover vulnerabilities through mutational dumb fuzzing. Read this post
...
Will Dormann
...
Will Dormann Will Dormann discusses killbit, a MS Windows registry value that prevents an ActiveX control from being used by Internet Explorer. Read this post
...
Will Dormann Will Dormann discusses vulnerabilities in Adobe Reader and Foxit Reader PDF-viewing applications. Read this post Release of Dranzer ActiveX Fuzzing Tool 04/16/2009 - CERT/CC
Release of Dranzer ActiveX Fuzzing Tool Will Dormann Will Dormann announces the release of Dranzer, a CERT tool developed to test ActiveX controls. Read this post
...
Will Dormann Will Dormann discusses how the application resilience feature of Windows Installer can undo steps taken to mitigate a vulnerability. Read this post Internet Explorer Vulnerability Attack Vectors 02/19/2009 - CERT/CC
Internet Explorer Vulnerability Attack Vectors Will Dormann Will Dormann discusses attacks on Internet Explorer 7 vulnerability and less-obvious security impacts of the techniques used. Read this post Reference Implementations for Securing Your Web Browser Guidelines 01/09/2009 - CERT/CC
Reference Implementations for Securing Your Web Browser Guidelines Will Dormann Will Dormann describes reference implementations of the "Securing Your Web Browser" guidelines for IE and Firefox. Read this post
...
Will Dormann Will Dormann debunks a previously reported vulnerability in the CERT Secure Coding Standards website. Read this post
...
Will Dormann
...
Will Dormann Will Dormann describes how his team often discovers vulnerabilities while they test ActiveX controls. Read this post Signed Java Applet Security: Worse than ActiveX? 06/03/2008 - CERT/CC
Signed Java Applet Security: Worse than ActiveX? Will Dormann Will Dormann discusses the security implications of using Java applets. Read this post Is Your Adobe Flash Player Updated? 05/29/2008 - CERT/CC
Is Your Adobe Flash Player Updated? Will Dormann Will Dormann discusses the importance of ensuring that you are using the latest version of Flash Player. Read this post
...
Will Dormann Will Dormann discusses how malicious code was being executed in infected digital picture frames and investigated the Microsoft AutoRun and AutoPlay features. Read this post
Other People with the name "Dormann":
Other ZoomInfo Searches
Accelerate your business with the industry's most comprehensive profiles on business people and companies.
Find business contacts by city, industry and title. Our B2B directory has just-verified and in-depth profiles, plus the market's top tools for searching, targeting and tracking.
Atlanta | Boston | Chicago | Houston | Los Angeles | New York
Browse ZoomInfo's business people directory. Our professional profiles include verified contact information, biography, work history, affiliations and more.
Browse ZoomInfo's company directory. Our company profiles include corporate background information, detailed descriptions, and links to comprehensive employee profiles with verified contact information.