Lots of people using "sparse" vs "dense" to reason about vulnerability research recently, but I'm not convinced that it's a useful exercise
-
The latter is less subjective because at the very least you can measure "cost per bug per researcher" for a given attack surface over time.
-
There are many attack surfaces where we can't currently get on the right side of the ratio, but there are some important areas where we can
-
@benhawkes I tried to pick this apart in a post to dailydave using vsftpd as an example. https://lists.immunityinc.com/pipermail/dailydave/2014-November/000813.html …
-
@benhawkes I think you're nearly right, it has everything to do with pace of software development. When feature dev slows, bugs trend down.
-
@benhawkes @LilyAblon But re: the measured ratio of fixes:introduction, it's biased by lack of information on exploits - so use it with care!