Comments on: Modelling the Security Ecosystem – is exploit availability exceeding patch availability? http://spiresecurity.com/?p=35 Risk and Cybersecurity Analysis Wed, 21 Aug 2013 23:28:51 +0000 hourly 1 http://wordpress.org/?v=3.5.1 By: Pete http://spiresecurity.com/?p=35&cpage=1#comment-32 Pete Wed, 15 Jul 2009 00:22:59 +0000 http://spiresecurity.com/blog/?p=35#comment-32 @Ben -

I am using the definitions (explicit or implicit) directly from the paper. Here is what the paper said: “An exploit is a piece of software, a virus, a set of data, or sequence of commands that takes advantage of a vulnerability in order to cause unintended or unanticipated behavior to occur in software or an embedded device. Proof-of-concept code or exploits provided within security research and analysis tools are also deemed exploits.”

The way they chose the population is simply by using all listings from the data sources that had exploit data listed.

]]> By: Ben http://spiresecurity.com/?p=35&cpage=1#comment-31 Ben Tue, 14 Jul 2009 19:45:02 +0000 http://spiresecurity.com/blog/?p=35#comment-31 It might be worth defining what you mean by “exploit” in this context. It seems that the definition of a vulnerability is that it is a bug or flaw that can be exploited in a certain manner, but that the ease of exploitation can range from very easy to very hard. If I’m reading correctly, you’re talking more about “easily” or “readily” exploited vulnerabilities, or maybe even that a working exploit is in the wild (as opposed to one being academic). fwiw.

]]>