skip to main | skip to sidebar

A blog previous known as "Intrusion Detection on the Road"

I used to write about intrusion detetion and security issues, but from now I will write about what ever computer related I come up with.

Wednesday, November 14, 2007

Computer Security Strength & Risk

Previously on this blog I have related to an ongoing discussion on risk analysis with FAIR. Also related to this problem is this doctoral dissertation at Harvard university from 2004:

http://citeseer.ist.psu.edu/631841.html

In this dissertation the author suggests an economical model to measure security of a software product. By deriving an upper and lower the bound for the price for finding a new vulnerability he is able to set a value of a vulnerability and a higher value means a more secure product.

My questions are: Has anybody implemented ideas similar to this? What do you think of such an approach?

Posted by Tomas at 10:17 AM
Labels: paper, security analysis, security metric, statistics, vulnerability

No comments:

Post a Comment

Newer Post Older Post Home
Subscribe to: Post Comments (Atom)

About Me

My photo
Tomas
Sweden
View my complete profile

About this blog

In this blog I will write about research issues in Intrusion Detection and Active Response. I am a novice in the area, so please correct me...

http://www.sics.se/~tol

Recent comments


Blog Archive

  • ►  2009 (2)
    • ►  November (2)
  • ►  2008 (10)
    • ►  September (1)
    • ►  August (3)
    • ►  June (1)
    • ►  April (2)
    • ►  February (1)
    • ►  January (2)
  • ▼  2007 (32)
    • ▼  November (3)
      • The most annoying security procedures
      • Security Architecture Analysis
      • Computer Security Strength & Risk
    • ►  October (1)
    • ►  September (4)
    • ►  August (3)
    • ►  June (1)
    • ►  May (1)
    • ►  April (5)
    • ►  March (10)
    • ►  February (4)

Labels

  • blog entry (12)
  • security analysis (12)
  • paper (10)
  • risk analysis (8)
  • attacks (7)
  • machine learning (7)
  • newspapers (7)
  • statistics (7)
  • Bayesian analysis (6)
  • vulnerability (6)
  • intrusion prevention applied (5)
  • intrusion detection (4)
  • intrusion detection applied (4)
  • software (4)
  • anomaly detection (3)
  • security architecture analysis (3)
  • signature-based detection (3)
  • CVSS (2)
  • conference (2)
  • data mining (2)
  • defensive respone (2)
  • model-based (2)
  • security metric (2)
  • security tools (2)
  • Code (1)
  • Fuzzy logic (1)
  • JavaFX (1)
  • PhD Thesis (1)
  • access control (1)
  • alert correlation (1)
  • browser (1)
  • defensive response (1)
  • google (1)
  • intrusions (1)
  • network security analysis (1)
  • proceedings (1)
  • research (1)
  • response (1)
  • simulation (1)
  • visualization (1)

Blogs

  • gsandahl.net - a security consultant
  • Network Security Blog
  • Kryptoblog - Security in Swedish
  • Security to the Core
  • IT Security Journal
  • OSSEC Blog
  • Security Sauce
  • Tao Security
  • Security to the Core
  • Network Security Blog

Software

  • Prelude Hybrid IDS
  • Snort IDS/IPS
  • OSSEC Hybrid IDS