Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


An advanced persistent threat, one that is difficult to discover, difficult to remove, and difficult to attribute, is easier in a low-end monoculture, easier in an environment where much of the computing is done by devices that are deaf and mute once installed or where those devices operate at the very bottom of the software stack, where those devices bring no relevant societal risk by their onesies and twosies, but do bring relevant societal risk at today's extant scales much less the scales coming soon.

We agree.


< 9. Conclusion | Appendix B - Traffic Light Protocol >


  1. A. Householder, "What's Different About Vulnerability Analysis and Discovery in Emerging Networked Systems?" 6 January 2015. [Online]. Available: [Accessed 16 May 2017].
  2. A. Householder, "Vulnerability Discovery for Emerging Networked Systems," 20 November 2014. [Online]. Available: [Accessed 16 May 2017].
  3. MITRE, "Common Vulnerabilities and Exposures," [Online]. Available: [Accessed 16 May 2017].
  4. National Institute of Standards and Technology, "National Vulnerability Database," [Online]. Available: [Accessed 16 May 2017].
  5. JPCERT/CC and IPA, "Japan Vulnerability Notes," [Online]. Available: [Accessed 16 May 2017].
  6. CERT/CC, "Vulnerability Notes Database," [Online]. Available: [Accessed 16 May 2017].
  7. D. Geer, "Security of Things," 14 May 2014. [Online]. Available: [Accessed 16 May 2017].