Press & Media Coverage
Some of my work resonated quite well with local and international press and media and I am frequently consulted for expert interviews.
DarkReading, The Wall Street Journal, The Economist, eWeek, KrebsOnSecurity, CSO Online, Yahoo Finance, Huawei, SC Magazine, MIT Technology Review, The Register, Ars Technica, WashingtonPost, The Guardian, BBC News, Schneier on Security, The Washington Post, Information Week, New Scientist
Print & Online Media
- DarkReading | Cybersecurity Certification in the Spotlight Again - Sep 2019 | Press (en)
Swiss technology non-profit group joins others, such as the Obama-era President’s Commission, in recommending that certain classes of technology products be tested.
- The Wall Street Journal | Google’s Project Zero Targets Cybersecurity Research - Jun 2014 | Press (en)
So-called zero day vulnerabilities – software bugs that have not been previously discovered – can fetch anywhere from $40,000 up to $1 million
- The Economist | Computer Security, A digital fortress? - Mar 2014 | Press (en)
Measuring the severity of the problem is difficult because of the lucrative black market in zero-day exploits
- eWeek | Global Bounty Program to Cut Software Flaw Prevalence - Dec 2013 | Press (en)
A new study proposes that software firms buy the most critical code flaws as a cost-effective way to reduce rising economic losses from cyber-crime
- KrebsOnSecurity | The Case for a Compulsory Bug Bounty - Dec 2013 | Press (en)
Security experts have long opined that one way to make software more secure is to hold software makers liable for vulnerabilities in their products.
- KrebsOnSecurity | How Many Zero-Days Hit You Today? - Dec 2013 | Press (en)
Frei pored over reports from and about private vendors - including boutique exploit providers like Endgame Systems, Exodus, Netragard, ReVuln and VUPEN - and concluded that jointly these firms alone have the capacity to sell more than 100 zero-day exploits per year.
- eWeek | Stacked Security Tools Detect Less Malware than Predicted - May 2013 | Press (en)
The study found that many products missed a “significant number” of older exploits, and that basic evasion techniques foiled many defenses.
- CSO Online | Layered defenses largely fail to block exploits - May 2013 | Press (en)
Research lab finds a mix of products from different vendors is best for ‘defense in depth’
- KrebsOnSecurity | Flaw Flood Busts Bug Bank - Feb 2013 | Press (en)
NSS’s Stefan Frei found that 2012 reversed a long running trend of decreasing vulnerability disclosures each year.
- Yahoo Finance | NSS Labs Vulnerability Threat Report - Feb 2013 | Press (en)
NSS Labs Vulnerability Threat Report Sees Significant Rise in Vulnerability Disclosures in 2012 After 5 Years of Decline
- Huawei | HUAWEI Cyber Security Perspectives - Mar 2012 | Press (en)
In a presentation to the RSA Conference Dr Stefan Frei articulated how the threat environment is changing.
- CSO Online | Better security needs ‘more informed patching’ - Jul 2011 | Press (en)
Security firm Secunia finds that the most popular three-dozen programs account for 80 percent of vulnerabilities.
- SC Magazine | Unpatched PCs remain a threat - Jan 2011 | Press (en)
An unpatched PC is a greater threat than any zero-day vulnerability
- MIT Technology Review | Patching the Security Update Process - Mar 2010 | Press (en)
There is ample evidence to suggest that the average user can’t be bothered to install security updates in a timely fashion–unless the process is more or less automated.
- KrebsOnSecurity | Yep, There’s a Patch for That - Mar 2010 | Press (en)
“Those programs come from more than 22 vendors, so as a first order estimate the number of different vendors you have on your box is the number of different update mechanisms you have to master,” Frei said. “This is doomed to fail
- The Register | Think software patching is a hassle? You’re not alone - Mar 2010 | Press (en)
In fact, it is highly unlikely that even skilled enthusiasts will patch their systems as frequently as the whitepaper’s findings indicate.
- Ars Technica | Firefox, Chrome users more up to date than Safari and Opera - May 2009 | Press (en)
Firefox, Chrome users more up to date than Safari and Opera
- WashingtonPost | Safari, Opera Users Lag Behind in Security Updates - May 2009 | Press (en)
The analysis, from researchers at Google Switzerland and the ETH Zurich, pored through anonymized logs from Google’s Web servers
- Ars Technica | Convenience is number one factor in keeping browsers secure - Jan 2009 | Press (en)
A crawl through Google’s search logs reveals that end users are generally …
- The Register | Easy updates best for browser patching - Jan 2009 | Press (en)
Easy update mechanisms have a far greater effect on browser patching than perceived threats or other factors, according to a new study by Google and Swiss academics.
- The Guardian | Software makers should take responsibility - Jul 2008 | Press (en)
A recent study of Internet browsers worldwide discovered that over half - 52% - of Internet Explorer users weren’t using the current version of the software.
- BBC News | Online risk due to browser flaws - Jul 2008 | Press (en)
Almost half the online population is at risk because users have not installed security updates to their browsers, says a study.
- The Register | Built-in browser expiry proposed to fight botnet menace - Jul 2008 | Press (en)
Built-in browser expiry proposed to fight botnet menace - 45% fail to update surfing software.
- Schneier on Security | Browser Insecurity - Jul 2008 | Press (en)
This excellent paper measures insecurity in the global population of browsers, using Google’s web server logs
- The Washington Post | Forty Percent of Web Users Surf With Unsafe Browsers - Jul 2008 | Press (en)
The report concluded that Firefox users were more likely to be using the latest version because Mozilla’s patch process is the quickest and most painless (no arguments there).
- The Register | Apple lags MS in security response - Mar 2008 | Press (en)
Apple is trailing way behind Microsoft in security patch responsiveness, according to a study by security researchers.
- Information Week | Apple’s Security Patch Process Gets Worse While Microsoft’s Gets Better - Mar 2008 | Press (en)
Swiss researchers suggest that the revived popularity of Apple’s products may have left the company unable to keep up with security risks.
- New Scientist | Email attack could kill servers - Apr 2004 | Press (en)
A crafty way of knocking out any email server using a few carefully constructed emails has been identified by a team of computer security experts.
- The Register | The Joe Job DoS attack - Apr 2004 | Press (en)
A problem with the way that non-delivery notifications are sent by many mail servers could be exploited to launch “mail bomb” denial of service attacks.