Re: [Dailydave] Faster, smashter.

From: security curmudgeon (jerichoattrition.org)
Date: Tue Dec 09 2008 - 13:35:03 CST


: One technique we're doing this week with a client is taking an attack
: tree and marking it up with dollar values. I.E. if you wanted to buy an
: 0day in X component, how much would it cost?

How do you come up with that dollar value? Is it based on estimated hours
to develop a functional exploit in X component? The skill level
of the attacker writing it? The value of the information/access gained if
exploited? Probability of exploitation not being noticed and ability to
further backdoor compromised machine/network?

_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave