Information Security News mailing list archives
Advice sought in survey about vulnerability lifecycle, hacker ability
From: InfoSec News <isn () c4i org>
Date: Mon, 28 Jan 2002 02:37:40 -0600 (CST)
Forwarded from: Daniel Bilar <bilar () Dartmouth EDU> I am a PhD student at Dartmouth (www.ists.dartmouth.edu) and working on risk analysis of computer networks. I was researching empirical data on the time distributions in the lifecycles of a vulnerability and the hacker ability to exploit vulnerabilities at points in time in these cycles. I wrote a survey for this, & it would be nice to have at least twenty to thirty respondents to have a meaningful statistical result. Thanks! Daniel Bilar bilar () dartmouth edu Daniel Bilar 45 Lyme Road Suite 104 Hanover, NH 03755 bilar () dartmouth edu Survey: Vulnerability event times and hacker ability --------------------------------------------------------------- Overview --------- This survey would like to gather data on two questions: The first one is concerned with the time distribution between events in the lifecycle of a vulnerability. The second one is concerned with the ability, in percentage of the general hacker population, to launch a succesful exploit at each of these points in time in the lifecyle of a vulnerability. +++++++++++++++++++++++++++++++++++++++++++++++++++++++ Question 1) I have identified 4 events of interests in the lifecycle of a vulnerability: a) Theoretical description vulnerability (e.g. the discovery of the vulnerability, not widely known but to either vendor or elite hacker or security experts) b) Proof of concept of vulnerability (e.g. an exploit has been written, but is not widely available because it is not widely posted or the vulnerability's exploit is an old technique (like cross scripting, etc ) c) Popularization of vulnerability (e.g. the exploit is posted and as such widely available) d) Countermeasure of vulnerability (e.g. patch/method is posted and widely available) A possible time line of events (other sequences are possible/probable): | --- a) | | t(a,b) | --- b) | | t(b,c) | --- c) | | t(c,d) | --- d) | | \/ future **** Question Section (Answer section below) ****** i. Can you give an estimate of the time between events a and b, b and c and c and d? ii. In your opinion, for each of these times, how much influence do the following factors have? (on a scale from 1 to 5, 5 being the most influence) - type of vulnerability (such as buffer, race condition, etc) - open vs closed source (independent of vendor) - popularity of vulnerable software - vendor of software - other (please specify) **** Answer Section ****** Please specify the times in days (d) or hours (h). i. Time Estimate for t(a,b): ii. FACTORS ----------- type of vulnerability: open vs closed source popularity of vulnerable software vendor of software other: --------------------------------------- i. Time estimate for t(b,c): ii. FACTORS ----------- type of vulnerability: open vs closed source popularity of vulnerable software vendor of software other: ---------------------------------------- i. Time Estimate for t(c,d): ii. FACTORS ----------- type of vulnerability: open vs closed source popularity of vulnerable software vendor of software other: +++++++++++++++++++++++++++++++++++++++++++++++++++++ Question 2) At each of point in times of these events, a particular skill level is required to take advantage of the vulnerability. Only very skilled hackers can take advantage of a buffer overflow condition at time a), for instance. **** Question Section (Answer section below) ******* What percentage of the general hacker population has the skills to exploit a vulnerability at each of these time a), b), c) and d) ? **** Answer Section ****** Please specify exploit ability in percentage of general hacker population, from 0-100 %. Percentage at time at event a): Percentage at time at event b): Percentage at time at event c): Percentage at time at event d): +++++++++++++++++++++++++++++++++++++++++++++++++++ Please send your answers to bilar () dartmouth edu, along with any other comments you may have. Thank you for much for your valuable time and expertise. It is very much appreciated. Daniel Bilar ISTS, Dartmouth College Hanover NH 03755 bilar () dartmouth edu 603 646 0745 www.ists.dartmouth.edu - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Advice sought in survey about vulnerability lifecycle, hacker ability InfoSec News (Jan 28)