Shostack + Friends Blog Archive

 

More on Economic Analysis of Vulnerabilities

Dave Aitel has a new presentation (“0Days: How Hacking Really Works”) on what it costs to attack. The big cost to attackers is not vulnerability discovery, but coding reliable exploits. (There’s an irony for you: Attackers are subject to the same issues with bad software as their victims.) The presentation is in OpenOffice format only right now, so the OpenOffice Viewer [link to http://os.up.edu.ph/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=27&ttitle=OpenOffice.org_Viewe no longer works] (in Java) may be helpful.

[Previous posts: Towards an Economic Analysis of Vulnerabilities.]