Shostack + Friends Blog Archive


More on Economic Analysis of Vulnerabilities

Dave Aitel has a new presentation (“0Days: How Hacking Really Works“) on what it costs to attack. The big cost to attackers is not vulnerability discovery, but coding reliable exploits. (There’s an irony for you: Attackers are subject to the same issues with bad software as their victims.) The presentation is in OpenOffice format only right now, so the OpenOffice Viewer (in Java) may be helpful.

[Previous posts: Towards and Economic Analysis of Vulnerabilities.]