Buying into the Bias - Why Vulnerability Statistics Suck
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a critical analysis of vulnerability statistics in this 57-minute Black Hat USA 2013 conference talk. Delve into the flaws and misuses of vulnerability data from repositories like CVE and OSVDB, as presented by Brian Martin and Steve Christey. Examine how academic researchers, journalists, and vendors often misinterpret and misuse this data to draw faulty conclusions about security trends and product comparisons. Learn about the various biases and limitations inherent in vulnerability data collection and analysis. Gain insights into how to critically evaluate vulnerability studies and statistics to make more informed security decisions. Discover concrete examples of both problematic and relatively sound approaches to vulnerability analysis. Understand the complexities of vulnerability observation, cataloging, and annotation processes. Benefit from vendor-neutral suggestions for improving the industry's approach to vulnerability statistics, while also encountering a more critical perspective on current practices.
Syllabus
Black Hat USA 2013 - Buying into the Bias: Why Vulnerability Statistics Suck
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip (Black Hat via YouTube)
Attacks From a New Front Door in 4G & 5G Mobile Networks (Black Hat via YouTube)
AAD Joined Machines - The New Lateral Movement (Black Hat via YouTube)
Better Privacy Through Offense - How to Build a Privacy Red Team (Black Hat via YouTube)
Whip the Whisperer - Simulating Side Channel Leakage (Black Hat via YouTube)