Cybersecurity
Mon, Apr 22, 2024
Markets Matter: A Glance into the Spyware Industry
The Intellexa Consortium is a complex web of holding companies and vendors for spyware and related services. The Consortium represents a compelling example of spyware vendors in the context of the market in which they operate—one which helps facilitate the commercial sale of software driving both human rights and national security risk.
by Jen Roberts, Trey Herr, Emma Taylor, Nitansha Bansal
Thu, Apr 18, 2024
O$$ Security: Does More Money for Open Source Software Mean Better Security? A Proof of Concept
A proof-of-concept study looking for correlation between open source software project funding and security practices at scale.
by Sara Ann Brackett, John Speed Meyers, Stewart Scott
Wed, Feb 28, 2024
The 5×5—Alumni perspectives on Cyber 9/12 Strategy Challenge
Alumni of Cyber 9/12 Strategy Challenge share their experiences, and discuss the impact of such simulated exercises to prepare for real life cyber attacks.
Thu, Feb 15, 2024
Hacking with AI
Can generative AI help hackers? By deconstructing the question into attack phases and actor profiles, this report analyzes the risks, the realities, and their implications for policy.
Thu, Feb 8, 2024
Future-Proofing the Cyber Safety Review Board
The Cyber Safety Review Board seeks to examine and learn from complex failures in cyberspace. As Congress considers how to design its next iteration, there are ways to make it more effective and adaptable for the increasing challenges to come.
Fri, Jan 26, 2024
The Great Despiser: The BSA, Memory Safety, and How to Make a Good Argument Badly
Memory-safe programming languages are in the cyber policy mainstream, but some hesitation remains. Looking at the arguments around memory safety is informative for larger cyber policy debates too.
Wed, Jan 24, 2024
The 5×5—Forewarned is forearmed: Cybersecurity policy in 2024
Members of the Cyber Statecraft Initiative team discuss the regulatory requirements and emerging technology they are closely following in 2024, and forewarn of the year ahead.
Tue, Jan 16, 2024
Design Questions in the Software Liability Debate
Software liability—resurgent in the policy debate since its mention in the 2023 US National Cybersecurity Strategy—describes varied potential structures to create legal accountability for vendors of insecure software. This report identifies key design questions for such regimes and tracks their discussion through the decades-long history of the debate.
by Maia Hamin, Sara Ann Brackett, and Trey Herr, with Andy Kotz
Thu, Nov 30, 2023
The Kremlin and its proxies attempted to deflect the “spy antennas” scandal in Moldova
Pro-Russian entities attempted to divert attention away from the growing volume of potential intel-gathering equipment on its embassy roof
Wed, Nov 1, 2023
Hacker collectives take sides in the Mideast crisis
Telegram feeds of hacker groups document alleged attacks targeting Israel
by Ruslan Trad
Mon, Oct 30, 2023
Homogeneity and Concentration in the Browser
Web browsers are the gateway to the internet. As browser developers replicate design features and concentrate around shared underlying technologies, they create cybersecurity risks with the potential to impact many internet users at once.
by Justin Sherman and Jessica Edelson
Thu, Oct 12, 2023
Driving Software Recalls: Manufacturing Supply Chain Best Practices for Open Source Consumption
Product recalls require practices that can help software vendors move toward better component selection and tracking and better relationships with customers, all while making software vendors responsible for OSS security instead of maintainers.
by Jeff Wayman, Brian Fox