Vulnerability Development mailing list archives

RE: hello

From: "Oliver Petruzel" <opetruzel () cox rr com>
Date: Sun, 7 Apr 2002 03:37:37 -0400

I think what he seeks are power-point presentation bullet-points... such
as "x number of companies reported bind hacks in 2001" etc...

SANS is a good start for info, and projects at secfocus are good
too...stats abound... 

-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] 
Sent: Friday, April 05, 2002 11:59 PM
To: xzchen
Cc: vuln-dev () securityfocus com
Subject: Re: hello 

On Sat, 06 Apr 2002 10:16:19 +0800, xzchen <xzchen () sei xjtu edu cn>
said:

Hi,I am engaged in the vulnerability assessment. Now I am lack of
the statistic results about the exploting incidents of some
vulnerabilities.How can I get some statistic data about the
exploting incidents of some vulnerabilities? Please provide me some
reference. Thank you.


Vulnerability assessments are usually made on a specific
program/site/network.  As a result, simply throwing statistics like
"18 million hosts were infected with Nimda" doesn't tell you
*ANYTHING* about whether your target is vulnerable to anything, Nimda
or otherwise.  On the other hand, *IF* your network contains Linux
systems, Dave Dittrich's estimate of how long an unpatched Linux
system survives may be useful information.

-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech

Current thread:

hello xzchen (Apr 05)
- Re: hello Valdis . Kletnieks (Apr 06)
  - RE: hello Oliver Petruzel (Apr 07)
- Re: hello Felipe Franciosi (Apr 07)
  - Re: hello Richard Hamnett (Apr 07)
    - Re: hello tmorgan-security (Apr 08)