Security vulnerabilities are clearly rising

    Presentation Transcript
    1. Security vulnerabilities are clearly rising
       • NVD = National Vulnerability Database
       • CERT = US-CERT database
       • OSVDB = Open Source Vulnerability Database

    2. Published vulnerabilities cost a vendor real money
       • A study based on real vulnerability announcements in 1999-2004 revealed an average drop of the concerned vendor's stock price of 0.6% after each vulnerability announcement
       • Telang / Wattal, Carnegie Mellon University, 2004: "Impact of Software Vulnerability Announcements on the Market Value of Software Vendors – an Empirical Investigation"
       • ... not to mention the damage to the vendor's reputation

    3. Most vulnerabilities caused by careless programming
       • 64% of the vulnerabilities in ICAT (now: NVD) in 2004 are due to programming errors
       • 51% of those due to classic errors like buffer overflows, cross-site scripting, injection flaws
       • Heffley/Meunier (2004): Can Source Code Auditing Software Identify Common Vulnerabilities and Be Used to Evaluate Software Security?
       • Cross-site scripting, SQL injection at top of the statistics (CVE, Bugtraq) in 2006
       • "We wouldn't need so much network security if we didn't have such bad software security" (Bruce Schneier)