Difference between revisions of "Front Range OWASP Conference 2013/Presentations/ZeroDays"
Mark Major (talk | contribs) (Created page with "===Data Mining a Mountain of Zero Day Vulnerabilities=== Every day, software developers around the world, from Bangalore to Silicon Valley, churn out millions of lines of ins...") |
Jess Garrett (talk | contribs) |
Line 6: | Line 6: | ||
The discussion will answer these questions and many others, giving you a deep dive into metrics not found anywhere else. | The discussion will answer these questions and many others, giving you a deep dive into metrics not found anywhere else. | ||
+ | |||
+ | [[Media:Brady.pdf | Slides]] | ||
+ | [https://vimeo.com/68107333 Video] | ||
+ | <br> |
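Review bot: the two added link lines, `[[Media:Brady.pdf | Slides]]` and `[https://vimeo.com/68107333 Video]`, sit on consecutive lines with no list markup or blank line between them, so MediaWiki will join them into one paragraph. Prefix each with `*` so they render as a list, and drop the trailing `<br>`, which is then unnecessary.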
Latest revision as of 17:50, 11 June 2013
Data Mining a Mountain of Zero Day Vulnerabilities
Every day, software developers around the world, from Bangalore to Silicon Valley, churn out millions of lines of insecure code. This presentation evaluates an anonymized vulnerability data set derived from static binary analysis on thousands of applications belonging to large enterprises, commercial software vendors, open source projects, and software outsourcers.
By mining this data we can answer some interesting questions. What types of mistakes do developers make most often? Are we making any progress at eradicating XSS and SQL injection? How long does it really take to remediate software vulnerabilities? How secure are third-party software components?
The discussion will answer these questions and many others, giving you a deep dive into metrics not found anywhere else.