On Sat, 06 Apr 2002 10:16:19 +0800, xzchen <xzchensei.xjtu.edu.cn> said:

> Hi,I am engaged in the vulnerability assessment. Now I am lack of
> the statistic results about the exploting incidents of some
> vulnerabilities.How can I get some statistic data about the
> exploting incidents of some vulnerabilities? Please provide me some
> reference. Thank you.

Vulnerability assessments are usually made on a specific
program/site/network. As a result, simply throwing statistics like
"18 million hosts were infected with Nimda" doesn't tell you
*ANYTHING* about whether your target is vulnerable to anything, Nimda
or otherwise. On the other hand, *IF* your network contains Linux
systems, Dave Dittrich's estimate of how long an unpatched Linux
system survives may be useful information.

-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Exmh version 2.5 07/13/2001

iD8DBQE8roCrcC3lWbTT17ARAmHMAKCA5ezOyrL4E98PMNIuxCFArs6J9wCguxY1 a9xJOxNEuQB0Zl7E7tDtv9Y= =hrus -----END PGP SIGNATURE-----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]