Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: RE: hello

RE: hello

From: Oliver Petruzel <opetruzel_at_cox.rr.com>
Date: Sun, 7 Apr 2002 03:37:37 -0400

I think what he seeks are power-point presentation bullet-points... such
as "x number of companies reported bind hacks in 2001" etc...

SANS is a good start for info, and projects at secfocus are good
too...stats abound...

-----Original Message-----
From: Valdis.Kletnieks_at_vt.edu [mailto:Valdis.Kletnieks_at_vt.edu]
Sent: Friday, April 05, 2002 11:59 PM
To: xzchen
Cc: vuln-dev_at_securityfocus.com
Subject: Re: hello

On Sat, 06 Apr 2002 10:16:19 +0800, xzchen <xzchen_at_sei.xjtu.edu.cn>
said:

> Hi,I am engaged in the vulnerability assessment. Now I am lack of
> the statistic results about the exploting incidents of some
> vulnerabilities.How can I get some statistic data about the
> exploting incidents of some vulnerabilities? Please provide me some
> reference. Thank you.

Vulnerability assessments are usually made on a specific
program/site/network. As a result, simply throwing statistics like
"18 million hosts were infected with Nimda" doesn't tell you
*ANYTHING* about whether your target is vulnerable to anything, Nimda
or otherwise. On the other hand, *IF* your network contains Linux
systems, Dave Dittrich's estimate of how long an unpatched Linux
system survives may be useful information. 

-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech
Received on Apr 07 2002
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos