U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Peter Mell (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 25 of 129

A Security Perspective on the Web3 Paradigm

February 25, 2025
Author(s)
Dylan Yaga, Peter Mell
Web3 is a proposed vision for the future of the internet that is restructured to be more user-centric with an emphasis on decentralized data. Users would own and manage their personal data, and systems would be decentralized and distributed. Digital tokens

Hardware Security Failure Scenarios

November 13, 2024
Author(s)
Peter Mell, Irena Bojanova
Historically, hardware has been assumed to be inherently secure. However, chips are both created with software and contain complex encodings (e.g., circuit designs and firmware). This leads to bugs, some of which compromise security. This publication

Measuring the Exploitation of Weaknesses in the Wild

June 26, 2024
Author(s)
Peter Mell, Irena Bojanova, Carlos Eduardo Cardoso Galhardo
Identifying the software weaknesses exploited by attacks supports efforts to reduce developer introduction of vulnerabilities and to guide security code review efforts. A weakness is a bug or fault type that can be exploited through an operation that

Non-Fungible Token Security

March 1, 2024
Author(s)
Peter Mell, Dylan Yaga
Non-fungible token (NFT) technology provides a mechanism to enable real assets (both virtual and physical) to be sold and exchanged on a blockchain. While NFTs are most often used for autographing digital assets (associating one's name with a digital

Understanding Stablecoin Technology and Related Security Considerations

September 5, 2023
Author(s)
Peter Mell, Dylan Yaga
Stablecoins are cryptocurrencies whose price is pegged to that of another asset (typically one with low price volatility). The market for stablecoins has grown tremendously – up to almost $200 billion USD in 2022. These coins are being used extensively in

Recommendations for Federal Vulnerability Disclosure Guidelines

May 24, 2023
Author(s)
Kim B. Schaffer, Peter Mell, Hung Trinh, Isabel Van Wyk
Receiving reports on suspected security vulnerabilities in information systems is one of the best ways for developers and services to become aware of issues. Formalizing actions to accept, assess, and manage vulnerability disclosure reports can help reduce

Empirical Validation of Automated Vulnerability Curation and Characterization

February 23, 2023
Author(s)
Ahmet Okutan, Peter Mell, Medhi Mirakhorli, Igor Khokhlov, Joanna Santos, Danielle Gonzalez, Steven Simmons
Prior research has shown that public vulnerability systems such as US National Vulnerability Database (NVD) rely on a manual, time-consuming, and error-prone process which has led to inconsistencies and delays in releasing final vulnerability results. This

Measuring the Common Vulnerability Scoring System Base Score Equation

November 15, 2022
Author(s)
Peter Mell, Jonathan Spring, Dave Dugal, Srividya Ananthakrishna, Francesco Casotto, Troy Fridley, Christopher Ganas, Arkadeep Kundu, Phillip Nordwall, Vijayamurugan Pushpanathan, Daniel Sommerfeld, Matt Tesauro, Christopher Turner
This work evaluates the validity of the Common Vulnerability Scoring System (CVSS) Version 3 ''base score'' equation in capturing the expert opinion of its maintainers. CVSS is a widely used industry standard for rating the severity of information

A Decade of Reoccurring Software Weaknesses

June 24, 2021
Author(s)
Assane Gueye, Carlos Galhardo, Irena Bojanova, Peter Mell
The Common Weakness Enumeration (CWE) community publishes an aggregate metric to calculate the 'Most Dangerous Software Errors.' However, the used equation highly biases frequency and almost ignores exploitability and impact. We provide a metric to

A Historical and Statistical Study of the Software Vulnerability Landscape

April 18, 2021
Author(s)
Assane Gueye, Peter Mell
Understanding the landscape of software vulnerabilities is key for developing effective security solutions. Fortunately, the evaluation of vulnerability databases that use a framework for communicating vulnerability attributes and their severity scores

Measurements of the Most Significant Software Security Weaknesses

December 6, 2020
Author(s)
Carlos E. Cardoso Galhardo, Peter Mell, Irena Bojanova, Assane Gueye
In this work, we provide a metric to calculate the most significant software security weaknesses as defined by an aggregate metric of the frequency, exploitability, and impact of related vulnerabilities. The Common Weakness Enumeration (CWE) is a well

A Taxonomic Approach to Understanding Emerging Blockchain Identity Management Systems

January 14, 2020
Author(s)
Loic D. Lesavre, Priam C. Varin, Peter M. Mell, Michael S. Davidson, James Shook
Identity management systems (IDMSs) are widely used to provision user identities while managing authentication, authorization, and data sharing within organizations and on the web. Traditional identity systems typically suffer from single points of failure