Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Buying into the Bias - Why Vulnerability Statistics Suck

Black Hat via YouTube

Overview

Explore a critical analysis of vulnerability statistics in this 57-minute Black Hat USA 2013 conference talk. Delve into the flaws and misuses of vulnerability data from repositories like CVE and OSVDB, as presented by Brian Martin and Steve Christey. Examine how academic researchers, journalists, and vendors often misinterpret and misuse this data to draw faulty conclusions about security trends and product comparisons. Learn about the various biases and limitations inherent in vulnerability data collection and analysis. Gain insights into how to critically evaluate vulnerability studies and statistics to make more informed security decisions. Discover concrete examples of both problematic and relatively sound approaches to vulnerability analysis. Understand the complexities of vulnerability observation, cataloging, and annotation processes. Benefit from vendor-neutral suggestions for improving the industry's approach to vulnerability statistics, while also encountering a more critical perspective on current practices.

Syllabus

Black Hat USA 2013 - Buying into the Bias: Why Vulnerability Statistics Suck

Taught by

Black Hat

Reviews

Start your review of Buying into the Bias - Why Vulnerability Statistics Suck

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.