Farewell “Designer Vulnerabilities”, and hello Vulnerability Garden 🪴 — the new (and improved) space for cataloguing all named vulnerabilities, attack techniques and exploits. When I first started the blog I had but two ideas for things to write about. One of those things was the list of “named” vulnerabilities. At the time, I had been working in vulnerability management and as such had dealt with a lot of these pesky bugs (e.g. POODLE, EternalBlue, VENOM, SuperFish, Shellshock, Heartbleed, and a whole host of assorted SSL/TLS bugs). The fact that they had special names was both amusing and at times annoying, as this particular trait often drew unnecessary attention from leadership, regardless of the vuln’s real-world severity or applicability in our actual environment. In 2019 I began collecting these named vulns, the links to where these vulns were first published and, where possible, their respective CVE numbers. For vulns that didn’t have a CVE allocated, I would record the…