Shostack + Friends Blog Archive

 

More on Economic Analysis of Vulnerabilities

Dave Aitel has a new presentation (“0Days: How Hacking Really Works” [link to http://www.immunitysec.com/resources-papers.shtml no longer works]) on what it costs to attack. The big cost to attackers is not vulnerability discovery, but coding reliable exploits. (There’s an irony for you: Attackers are subject to the same issues with bad software as their victims.) The presentation is in OpenOffice format only right now, so the OpenOffice Viewer [link to http://os.up.edu.ph/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=27&ttitle=OpenOffice.org_Viewe no longer works] (in Java) may be helpful.

[Previous posts: Towards an Economic Analysis of Vulnerabilities [link to http://www.emergentchaos.com/archives/000855.html no longer works].]