Shostack + Friends Blog Archive


More on Economic Analysis of Vulnerabilities

Dave Aitel has a new presentation (“0Days: How Hacking Really Works“ [link to no longer works] ) on what it costs to attack. The big cost to attackers is not vulnerability discovery, but coding reliable exploits. (There’s an irony for you: Attackers are subject to the same issues with bad software as their victims.) The presentation is in OpenOffice format only right now, so the OpenOffice Viewer [link to no longer works] (in Java) may be helpful.

[Previous posts: Towards and Economic Analysis of Vulnerabilities [link to no longer works].]