No Photo Available

Last Update


This profile was last updated on .

Is this you? Claim your profile.

Wrong Will Dormann?

Will Dormann

Vulnerability Analyst

CERT Coordination Center

Direct Phone: (412) ***-****       

Email: w***@***.org

Get ZoomInfo Grow

+ Get 10 Free Contacts a Month

Please agree to the terms and conditions

I agree to the Terms of Service and Privacy Policy. I understand that I will receive a subscription to ZoomInfo Grow at no charge in exchange for downloading and installing the ZoomInfo Contact Contributor utility which, among other features, involves sharing my business contacts as well as headers and signature blocks from emails that I receive.

CERT Coordination Center

Carnegie Mellon University 4500 Fifth Avenue

Pittsburgh, Pennsylvania 15213

United States

Company Description

CERT is an organization devoted to ensuring that appropriate technology and systems management practices are used to resist attacks on networked systems and to limiting damage and ensure continuity of critical services in spite of successful attacks, acci ... more

Find other employees at this company (222)

Background Information

Web References (197 Total References)

CERT's Podcast Series: Speaker Biographies [cached]

Will Dormann

Will Dormann has been a software vulnerability analyst with Carnegie Mellon Software Engineering Institute's CERT Coordination Center (CERT/CC) since 2004. His focus area includes web browser technologies, ActiveX, and fuzzing. Will has discovered thousands of vulnerabilities through the use of fuzzing tools and other techniques.

Microsoft's decision to retire security tool is myopic | Computerworld [cached]

"Windows 10 does not provide all of the mitigation features that EMET administrators have come to rely on," Will Dormann, a vulnerability analyst at CERT/CC (Computer Emergency Response Team Coordination Center), wrote in a post to the group's blog last week. CERT/CC is a partner of US-CERT, the arm of the Department of Homeland Security tasked with cyber-defense warnings and attack investigations.

EMET, or Enhanced Mitigation Experience Toolkit, is a seven-year-old anti-exploit tool that Microsoft has touted to deflect malicious attacks. EMET has been regularly recommended by the company to protect Windows PCs until a proper patch can be issued, for example.
Dormann was reacting to a Nov. 3 announcement by Microsoft that it would drop support of EMET at the end of July 2018.
Dormann wasn't buying it.
Although EMET's most prominent system-wide mitigations were, as Microsoft said, built into Windows 10 (and before that, Windows 7 and Windows 8), the tool's value came from its ability to protect individual applications, especially older programs, Dormann said. "Even though the underlying Windows operating system supports a mitigation, doing so does not necessarily mean that it will be applied to an application," he wrote.
Those application-specific anti-exploit defenses are simply not integrated into Windows 10, Dormann contended. "Microsoft strongly implies that if you are running Windows 10, there is no need for EMET anymore. This implication is not true," he said.
Dormann asserted that EMET was a valuable tool, even to Windows 10 users, and inferred that Microsoft is killing it off too quickly. "It is pretty clear that an application running on a stock Windows 10 system does not have the same protections as one running on a Windows 10 system with EMET properly configured," Dormann said.
EMET will continue to work after mid-2018, Dormann noted, even though it will be out of support; it will not suddenly stop running.
Will Dormann

Which is part of the problem, ... [cached]

Which is part of the problem, says Will Dormann, senior vulnerability analyst at the CERT Coordination Center (CERT/CC).

"Even when users are interested in and looking for this information, the vendor doesn't always make it easy," Dormann said.
Dormann said instead of hard-coding credentials or setting default usernames and passwords that many users will never change, hardware makers should require users to pick a strong password when setting up the device.
Indeed, according to this post from video surveillance forum IPVM, several IoT device makers - including Hikvision, Samsung, and Panasonic - have begun to require unique passwords by default, with most forcing a mix of upper and lowercase letters, numbers, and special characters.
"As long as the password can't be reversed - for example, an algorithm based off of a discoverable tidbit of information - that would be a reasonable level of security. Dormann said.
"When it comes to software updates, automatic updates are good," Dormann said.

Google security and product safety – Company – Google [cached]

Will Dormann of CERT

These vulnerabilities were reported by ... [cached]

These vulnerabilities were reported by Will Dormann of the CERT/CC.

This document was written by Will Dormann.
This document was written by Will Dormann.

Similar Profiles

Other People with this Name

Other people with the name Dormann

Jeff Dormann
GovX , Inc.

Martina Dörmann
Baird's CMC Ltd

Benedikt Dormann
NICE Systems Ltd

Brian Dormann
Emerling Ford Mercury Inc

Michael Dormann

City Directory Icon

Browse ZoomInfo's Business Contact Directory by City

People Directory Icon

Browse ZoomInfo's
Business People Directory

Company Directory Icon

Browse ZoomInfo's
Advanced Company Directory