Software security research has put much effort in evaluat- ing security as a function of the expected number of vulnerabilities and their criticality. As hackers become more sophisticated and economically- driven, I argue that exploitation activities are a much more interesting index of risk than the number of vulnerabilities: the economics of the black market can shed light on attacking processes and trends, and can be very useful in better assessing security and re-thinking patching be- havior and patches priority.

The dark side of vulnerability exploitation: a research proposal

Allodi, Luca;Massacci, Fabio
2012

Abstract

Software security research has put much effort in evaluat- ing security as a function of the expected number of vulnerabilities and their criticality. As hackers become more sophisticated and economically- driven, I argue that exploitation activities are a much more interesting index of risk than the number of vulnerabilities: the economics of the black market can shed light on attacking processes and trends, and can be very useful in better assessing security and re-thinking patching be- havior and patches priority.
Proceedings of the 2012 Engineering Secure Software and Systems Conference Doctoral Symposium
Netherlands
CEUR
Allodi, Luca; Massacci, Fabio
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11572/33422
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? ND
social impact