Secure Coding mailing list archives

Dark Reading - Discovery and management - Security Startups Make Debut - Security News Analysis


From: crispin at novell.com (Crispin Cowan)
Date: Thu, 25 Jan 2007 17:20:34 +1100

ljknews wrote:
> My guess is that if a company actually is capable of analyzing
> binary code they only do it for the highest volume instruction
> sets.

They certainly will focus on larger markets first. If you want them to
focus on *your* market, make it worth their while :) SUSE Linux does a
lot for the Z series mainframe market because they are willing to pay
for it. The market for, say, Motorola 88000 CPUs is relatively sparse :)

> My guess is that attackers will go after machines they feel are
> less protected.

I fully disagree with that. There are 2 kinds of attackers:

   1. Bottom feeders. These people troll for very common vulnerabilities
      with scanners and worms, trying to build botnets. There are
      *plenty* of people with unprotected x86 machines, so that is what
      they target, regardless of any optional technology add-ons people
      develop for that platform.
   2. Targeted attackers. These people are professionals, and they are
      going after a specific target. They don't select targets on the
      basis of vulnerability, they select the target for external
      reasons having nothing to do with the defenses deployed.

In between would be criminals of opportunity who seek targets that are
both valuable and soft. But that is really just a more sophisticated
variant of #1.

As a defender, you need to care about the strength of your defense in
proportion to the value of your assets. If your assets are not
particularly valuable, then only deploy the basic defenses to shed the
ankle biters in class 1. If your assets are more valuable, then deploy
more thorough/expensive defenses until the cost of the defenses exceeds
the calculated risk to your assets.

Crispin

-- 
Crispin Cowan, Ph.D.                      http://crispincowan.com/~crispin/
Director of Software Engineering, Novell  http://novell.com
     Hacking is exploiting the gap between "intent" and "implementation"



