Vulnerability Development mailing list archives
RE: hello
From: "Oliver Petruzel" <opetruzel () cox rr com>
Date: Sun, 7 Apr 2002 03:37:37 -0400
I think what he seeks are power-point presentation bullet-points... such as "x number of companies reported bind hacks in 2001" etc... SANS is a good start for info, and projects at secfocus are good too...stats abound... -----Original Message----- From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] Sent: Friday, April 05, 2002 11:59 PM To: xzchen Cc: vuln-dev () securityfocus com Subject: Re: hello On Sat, 06 Apr 2002 10:16:19 +0800, xzchen <xzchen () sei xjtu edu cn> said:
Hi,I am engaged in the vulnerability assessment. Now I am lack of the statistic results about the exploting incidents of some vulnerabilities.How can I get some statistic data about the exploting incidents of some vulnerabilities? Please provide me some reference. Thank you.
Vulnerability assessments are usually made on a specific program/site/network. As a result, simply throwing statistics like "18 million hosts were infected with Nimda" doesn't tell you *ANYTHING* about whether your target is vulnerable to anything, Nimda or otherwise. On the other hand, *IF* your network contains Linux systems, Dave Dittrich's estimate of how long an unpatched Linux system survives may be useful information. -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech