Explore the intricacies of predicting software vulnerability exploitation in this 21-minute conference talk from USENIX Enigma 2019. Delve into research findings from analyzing data across 10 million hosts, uncovering insights on global vulnerability impact and exploitation trends. Learn about the decreasing fraction of exploited vulnerabilities despite their growing discovery rate, and understand why popular vulnerability metrics like CVSS scores poorly correlate with real-world exploits. Discover how combining technical vulnerability characteristics, social media information, and patching rates can create predictive models to assess exploitation risks and even infer zero-day exploits. Gain valuable knowledge on objectively evaluating defensive technologies, data-driven risk assessment for companies, and applications in cyber policymaking and insurance.
Predicting Vulnerability Exploitation - How to Assess Cybersecurity Risks
USENIX Enigma Conference via YouTube
Overview
Syllabus
Intro
How Do You Give Security Advice?
To Patch or Not To Patch?
Can We Predict Exploits?
Must Validate Predictions-Exploits in the Wild
Machine Learning and Security Predictions
Prediction With Intrinsic Features [2010]
What Are We Predicting?
Intuition: CVE-2017-0144
Mining Twitter to Predict Exploitation
Predicting Exploits in the Wild
Did We Get Lucky?
Time to Patch 50% of Vulnerable Hosts Observed patching of 1,593 vulnerabilities over 5 years
One Vulnerability, Different Patches
#3. Patching Patterns As Risk Factors
#3. Prediction Performance
What You Can Do Today
What You Can Do Tomorrow
Taught by
USENIX Enigma Conference
