BH 2016 mudge and sarah: Measuring Adversary Costs to Exploit Commercial Software

Cad49e6ffc6048dc9c53c77a907632dc?s=47 Daniel Bilar
August 04, 2016

BH 2016 mudge and sarah: Measuring Adversary Costs to Exploit Commercial Software

Update 2017 Oct 25:
Corrected BH USA 2016 talk link https://www.youtube.com/watch?v=GhO9vyW1f7w
DC 25 2017 talk more findings https://twitter.com/daniel_bilar/status/922499540573413376

Unexpected consequence of @dotMudge scheme: 0day market price discovery.
Hardening line used for exploit arbitrage re overvalued vuls.
See also blog post https://medium.com/@daniel_bilar/attack-work-effort-transparent-accounting-for-software-in-modern-companies-17038d0ca697#.h4iq9dw8u

Cad49e6ffc6048dc9c53c77a907632dc?s=128

Daniel Bilar

August 04, 2016
Tweet

Transcript

  1. None
  2. None
  3. None
  4. None
  5. None
  6. None
  7. None
  8. None
  9. None
  10. None
  11. None
  12. None
  13. None
  14. None
  15. None
  16. None
  17. None
  18. None
  19. None
  20. None
  21. None
  22. None
  23. None
  24. None
  25. None
  26. None
  27. None