The last post on the Mortman/Hutton model today is the most important. You see, the primary idea (to me) behind the Mortman/Hutton model was never really to come to a strict or broadly accepted model for discussing what factors drive the creation and adoption of exploit code. That was and is a vehicle for what [...]
Filed under: Uncategorized by alex on Wednesday, July 29, 2009
Following up on my previous post, here’s Part 2, “The Factors that Drive Probable Use”. This is the meat of our model. Follow-up posts will dig deeper into Parts 1 and 2. At Black Hat we’ll be applying this model to the vulnerabilities that are going to be released at the show. But before [...]
Filed under: Science of Risk Management by David Mortman on Thursday, July 16, 2009
I wanted to throw it out here as an example of how you would use the model from my earlier post in real life. So let’s take the recently released Internet Explorer security vulnerability and see how it fits. Now this is a pretty brain-dead example and hardly requires a special tool, but I think it [...]
Filed under: Science of Risk Management by David Mortman on Monday, July 13, 2009
Robin Hanson has an interesting article, “Desert Errors:” His findings stayed secret until 1947, when he was allowed to publish his pioneering Physiology of Man in the Desert. It went almost entirely unnoticed. In the late 1960s, marathon runners were still advised not to drink during races and until 1977, runners in international competitions were [...]
Filed under: Uncategorized by adam on Thursday, July 9, 2009
Not much to add, but a good article in Business Week on Lessons from the Data Breach at Heartland. Well worth reading…
Filed under: Uncategorized by David Mortman on Thursday, July 9, 2009
Alex and I will be on a panel, A Black Hat Vulnerability Risk Assessment, at this year’s Black Hat. We’ll be discussing the need to perform a risk assessment of vulnerabilities as you become aware of them in a deeper context than just looking at the CVSS scores. Things to consider are what compensating controls [...]
Filed under: Science of Risk Management by David Mortman on Monday, July 6, 2009