This profile was last updated on 2/25/16 and contains information from public web pages and contributions from the ZoomInfo community.

Vulnerability Analyst

Phone: (412) ***-****  
Email: w***@***.org
CERT Coordination Center
4500 Fifth Avenue
Pittsburgh, Pennsylvania 15213
United States

Company Description: The CERT® Coordination Center (CERT/CC) is located at the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie...
Background

Employment History

118 Total References
Web References
"There is a big difference between ...
www.cio.com, 25 Feb 2016 [cached]
"There is a big difference between losing computer data and the safety risks involving a house or car," said Will Dormann, senior vulnerability analyst in the CERT division of the Carnegie Mellon Software Engineering Institute.
"When you have more real-world devices connected, there can be risks involving human life, which are obviously much more serious," he said.
...
But Dormann said the practical reality is that most consumers don't think much about security when they buy "smart" devices - they focus on features and price. "Security is usually not part of the purchasing decision," he said.
...
There is not even an established seal of approval from an Internet organization comparable to Underwriters Laboratories (UL) which, as Dormann put it, tests and certifies products so, "a consumer has some amount of certainty that it won't burn your house down."
Will Dormann, a Carnegie ...
www.siliconvalley.com, 12 Feb 2013 [cached]
Will Dormann, a Carnegie Mellon researcher who wrote the Java warning for the government, said the many flaws found in Java may partly stem from some security experts spending inordinate time scrutinizing it. He also noted that Java isn't the only software he's recommended disabling. He gave similar advice in December about Adobe's Macromedia Shockwave Player, which displays certain web content.
Even with Oracle's latest patches, he said it was unlikely the government would tell people "to turn it back on."
CERT's Podcast Series: Speaker Biographies
www.cert.org, 28 July 2011 [cached]
Will Dormann
Will Dormann has been a software vulnerability analyst with Carnegie Mellon Software Engineering Institute's CERT Coordination Center (CERT/CC) since 2004. His focus area includes web browser technologies, ActiveX, and fuzzing. Will has discovered thousands of vulnerabilities through the use of fuzzing tools and other techniques.
CERT Blogs
www.cert.org, 6 Jan 2015 [cached]
Will Dormann Hey, it's Will.
...
Will Dormann Hi folks, it's Will. Recently I have been investigating man-in-the-middle (MITM) techniques for analyzing network traffic generated by an application. In particular, I'm looking at web (HTTP and HTTPS) traffic.
...
Will Dormann In this blog post, Will Dormann discusses application downloads bundled with other software and how it affects your attack surface.
...
Will Dormann Last week, Will Dormann examined two exploit mitigations on the Linux platform. In this new post, Will explains how to add further exploit protections to Linux.
Differences Between ASLR on Windows and Linux 02/10/2014 - CERT/CC
Will Dormann Will Dormann explains how ASLR works on Linux and how it differs from ASLR on Windows.
Feeling Insecure? Blame Your Parent! 02/03/2014 - CERT/CC
Will Dormann Will Dormann describes how parent properties can cause security problems for a child process.
...
Will Dormann Will Dormann describes a modification to FOE code to make it work better with another application and encourages others to modify the code themselves.
...
Will Dormann Will Dormann describes how to get BFF 2.7 to run on OS X Mavericks.
...
Will Dormann Will Dormann provides examples that illustrate why vulnerability analysts use attack vectors when they're examining software bugs and vulnerabilities.
...
Will Dormann
...
Will Dormann Will Dormann announces updates to CERT fuzzing tools, FOE and BFF, and describes the changes in the new versions.
...
Will Dormann Will Dormann discusses the risks, and their mitigations, of using forensics software to process untrusted data.
The Risks of Microsoft Exchange Features that Use Oracle Outside In 06/04/2013 - CERT/CC
Will Dormann Will Dormann describes the risks of using Microsoft Exchange features that use Oracle Outside In and what you can do about it.
...
Will Dormann Will Dormann describes how Oracle's new guidance for Java applets may cause more harm than good.
...
In light of a recent Java vulnerability, Will Dormann and Art Manion discuss why you should disable Java.
...
Will Dormann Will Dormann discusses EMET, an effective way of preventing vulnerabilities from being exploited.
...
Will Dormann Will Dormann discusses how Cisco addressed the vulnerabilities in its AnyConnect ActiveX and Java clients.
Effectiveness of Microsoft Office File Validation 05/19/2011 - CERT/CC
Will Dormann Will Dormann tests the effectiveness of Office File Validation in protecting against attacks using malformed files.
...
Will Dormann Will Dormann discusses the results of a test that compares the fuzzing resiliency of Office and Oracle OpenOffice.
...
Will Dormann Will Dormann describes new functionality and performance improvements available in BFF 1.1.
...
Will Dormann Will Dormann discusses how to use BFF to discover vulnerabilities through mutational dumb fuzzing.
...
Will Dormann
...
Will Dormann Will Dormann discusses killbit, a MS Windows registry value that prevents an ActiveX control from being used by Internet Explorer.
...
Will Dormann Will Dormann discusses vulnerabilities in Adobe Reader and Foxit Reader PDF-viewing applications.
Release of Dranzer ActiveX Fuzzing Tool 04/16/2009 - CERT/CC
Will Dormann Will Dormann announces the release of Dranzer, a CERT tool developed to test ActiveX controls.
...
Will Dormann Will Dormann discusses how the application resilience feature of Windows Installer can undo steps taken to mitigate a vulnerability.
Internet Explorer Vulnerability Attack Vectors 02/19/2009 - CERT/CC
Will Dormann Will Dormann discusses attacks on Internet Explorer 7 vulnerability and less-obvious security impacts of the techniques used.
Reference Implementations for Securing Your Web Browser Guidelines 01/09/2009 - CERT/CC
Will Dormann Will Dormann describes reference implementations of the "Securing Your Web Browser" guidelines for IE and Firefox.
...
Will Dormann Will Dormann debunks a previously reported vulnerability in the CERT Secure Coding Standards website.
...
Will Dormann
...
Will Dormann Will Dormann describes how his team often discovers vulnerabilities while they test ActiveX controls.
Signed Java Applet Security: Worse than ActiveX? 06/03/2008 - CERT/CC
Will Dormann Will Dormann discusses the security implications of using Java applets.
Is Your Adobe Flash Player Updated? 05/29/2008 - CERT/CC
Will Dormann Will Dormann discusses the importance of ensuring that you are using the latest version of Flash Player.
...
Will Dormann Will Dormann discusses how malicious code was being executed in infected digital picture frames and investigated the Microsoft AutoRun and AutoPlay features.
"This control does not internally enforce ...
www.itworld.com, 8 July 2014 [cached]
"This control does not internally enforce any restrictions on which sites may invoke its methods, such as by using the SiteLock template," said Will Dormann, a vulnerability analyst at CERT/CC, in a security advisory published Monday. "This means that any website can invoke the methods exposed by the ScriptHelper ActiveX control."
Furthermore, upon installation, ScriptHelper is automatically placed on a list of pre-approved ActiveX controls in the system registry, bypassing a security feature first introduced in Internet Explorer 7 that prompts users for confirmation before executing ActiveX controls. It's also excluded from IE's Protected Mode, a security sandbox mechanism, Dormann said.
All these conditions make it possible for an attacker to execute malicious code on the computer of a user who has a vulnerable version of AVG Secure Search installed, if the user opens a specifically crafted HTML Web page, email message or attachment in Internet Explorer. The rogue code would be executed with the privileges of the logged-in user, Dormann said.
...
According to Dormann, this AVG Secure Search flaw is the perfect example of how third-party programs bundled with free software -- commonly known as adware, bloatware or foistware among users -- can increase the security risks for Internet users.