How to Predict Which Vulnerabilities Will Be Exploited - Tudor Dumitras - USENIX Enigma Conference - 2019

Explore the intricacies of predicting software vulnerability exploitation in this 21-minute conference talk from USENIX Enigma 2019. Delve into research findings based on data from 10 million hosts, uncovering insights on global vulnerability impact and exploitation trends. Learn about the decreasing fraction of exploited vulnerabilities despite their growing discovery rate, and understand why popular vulnerability metrics like CVSS scores poorly correlate with real-world exploits. Discover how combining technical vulnerability characteristics, social media information, and patching rates can create predictive models for assessing exploitation risks. Gain valuable knowledge on objectively evaluating defensive technologies, determining biggest security risks, and applying data-driven approaches to cybersecurity decision-making and policy formulation.

Intro
How Do You Give Security Advice?
To Patch or Not To Patch?
Can We Predict Exploits?
Must Validate Predictions-Exploits in the Wild
Machine Learning and Security Predictions
Prediction With Intrinsic Features
What Are We Predicting?
Intuition: CVE-2017-0144
Mining Twitter to predict Exploitation
Predicting Exploits in the Wild
Did We Get Lucky?
Time to Patch 50% of Vulnerable Hosts
One Vulnerability, Different Patches
Patching Patterns As Risk Factors
#3. Prediction Performance
What You Can Do Today
What You Can Do Tomorrow