Dailydave mailing list archives
Re: Faster, smashter. (fwd)
From: Charles Miller <cmiller () securityevaluators com>
Date: Wed, 10 Dec 2008 09:28:34 -0600
I wrote some about this too: http://weis2007.econinfosec.org/papers/29.pdf I like the idea of a derivative market. Its the only way I've heard where you can make money by dropping 0-days on full disclosure, for example. The drawback is that I know I can make 100k for my IE exploit, but I don't know how much I can make by buying the "IE sucks" derivative. There will only be so many people willing to buy the "IE is rock solid" one and once I start buying up the "IE sucks" one, it will be even harder to make a big score. Charlie On Dec 10, 2008, at 1:40 AM, Thorsten Holz wrote:
On Dec 10, 2008, at 3:19 AM, sinan.eren () immunitysec com wrote:I would appreciate ideas to tie the value of a vulnerability to a premium, any quants who do security as well ?Rainer Böhme discussed the idea of exploit derivatives and cyber- insurances in a talk at CCC'05: http://events.ccc.de/congress/2005/fahrplan/events/801.en.html There is also a paper from the Workshop on the Economics of Information Security (WEIS 2005), in which Böhme discusses these ideas in more detail: http://infosecon.net/workshop/pdf/15.pdf Pretty interesting concept, but some obstacles need to be taken when implementing such a market (monoculture, correlation of attacks and such). Cheers, Thorsten _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Faster, smashter. (fwd), (continued)
- Re: Faster, smashter. (fwd) BEES INC (Dec 10)
- Re: Faster, smashter. (fwd) Jon Passki (Dec 10)
- Re: Faster, smashter. (fwd) BEES INC (Dec 11)
- Re: Faster, smashter. (fwd) Jon Passki (Dec 11)
- Robert Seacord on the CERT C Secure Coding Standard Robert Seacord (Dec 16)
- Message not available
- Re: Robert Seacord on the CERT C Secure Coding Standard Robert Seacord (Dec 17)
- Re: Faster, smashter. (fwd) Jon Passki (Dec 10)
- Re: Faster, smashter. (fwd) BEES INC (Dec 10)
- Re: Faster, smashter. (fwd) Matthew Wollenweber (Dec 11)
- Re: Faster, smashter. (fwd) Charles Miller (Dec 11)