BH 2016 mudge and sarah: Measuring Adversary Costs to Exploit Commercial Software

Cad49e6ffc6048dc9c53c77a907632dc?s=47 Daniel Bilar
August 04, 2016

BH 2016 mudge and sarah: Measuring Adversary Costs to Exploit Commercial Software

Update 2017 Oct 25:
Corrected BH USA 2016 talk link https://www.youtube.com/watch?v=GhO9vyW1f7w
DC 25 2017 talk more findings https://twitter.com/daniel_bilar/status/922499540573413376

Unexpected consequence of @dotMudge scheme: 0day market price discovery.
Hardening line used for exploit arbitrage re overvalued vuls.
See also blog post https://medium.com/@daniel_bilar/attack-work-effort-transparent-accounting-for-software-in-modern-companies-17038d0ca697#.h4iq9dw8u

Cad49e6ffc6048dc9c53c77a907632dc?s=128

Daniel Bilar

August 04, 2016
Tweet