The dark side of vulnerability exploitation: A proposal for a research analysis

L. Allodi, F. Massacci

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

Abstract

Software security research has put much effort in evaluating security as a function of the expected number of vulnerabilities and their criticality. As hackers become more sophisticated and economicallydriven, I argue that exploitation activities are a much more interesting index of risk than the number of vulnerabilities: The economics of the black market can shed light on attacking processes and trends, and can be very useful in better assessing security and re-thinking patching behavior and patches priority.
Original languageEnglish
Title of host publicationESSoS-DS 2012 - Proceedings of the Doctoral Symposium of the International Symposium on Engineering Secure Software and Systems 2012
Pages71-76
Publication statusPublished - 2012
Externally publishedYes
Event1st Doctoral Symposium on Engineering Secure Software and Systems 2012, ESSoS-DS 2012 - , Netherlands
Duration: 15 Feb 201215 Feb 2012

Publication series

NameCEUR Workshop Proceedings
ISSN (Print)1613-0073

Conference

Conference1st Doctoral Symposium on Engineering Secure Software and Systems 2012, ESSoS-DS 2012
Country/TerritoryNetherlands
Period15/02/1215/02/12

Fingerprint

Dive into the research topics of 'The dark side of vulnerability exploitation: A proposal for a research analysis'. Together they form a unique fingerprint.

Cite this