Dailydave mailing list archives

Open Source Not Exploited More Often.


From: dave <dave () immunityinc com>
Date: Tue, 08 Jun 2010 10:07:51 -0400


From: http://www.technologyreview.com/computing/25480/page1/

"""
Open-Source Could Mean an Open Door for Hackers

A new analysis suggests that attackers exploit open-source software flaws faster and
more effectively.
"""

I wanted to point out a couple of things about Sam Ransbotham's paper (
http://weis2010.econinfosec.org/papers/session6/weis2010_ransbotham.pdf ). There's no
reason to draw the kind of conclusions he drew without a lot more analysis, and I
have reason to believe better analysis would end up contradicting his conclusions.

Here are a couple of real-world factors that, in my opinion, invalidate the analysis:

1. PHP - based on the data, as I understand it, one WordPress bug that is widely
exploited can tilt the balance of the whole study.

2. Microsoft Tuesday - When vulnerabilities are bundled into one patch or patch-set,
attackers only have an incentive to build one exploit for one vulnerability. The Open
Source vendors release "as we find/fix them" as opposed to "all at once" which would
drastically shift the results to make it look like Open Source is more exploited, imho.

Likewise, the paper ignores 0day and is based on a set of events from an IDS, which
makes it hard to avoid wondering about massive data-set skew. But even within that
dataset, I think better analysis would come to completely different conclusions.

Thanks,
Dave Aitel
Immunity, Inc.