Dailydave mailing list archives
Re: More offensive security metrics and you
From: dan () geer org
Date: Mon, 17 Aug 2009 23:25:36 -0400
dave writes: -+---------- | <snip> | | I know there's a long list of these sorts of things, and when you have | 80% of them, you can't get kicked out. Essentially, you'll have found | strategic operational flaws that transcend any point-fixes the company | may be able to put into place. | Actually, it is a worthwhile goal to describe the tipping point of a penetration, the moment when, as you say, the penetrator can no longer be kicked out. I'm sure you'd like the catalog of what that takes, and you've begun it. Keep at the effort, please. I'm more interested in the rate constant -- how long does it take to reach the tipping point, is that time rising or falling, and is self-optimising automation feasible? I'm (more than) happy to measure "time" in something synthetic like clock cycles, function calls, number of training rounds, etc. I just want to know the first and second derivatives. Nothing much... --dan _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- More offensive security metrics and you dave (Aug 17)
- Re: More offensive security metrics and you dan (Aug 18)
- <Possible follow-ups>
- Re: More offensive security metrics and you Kevin Noble (Aug 26)