Presentation<\/a> [PDF]<\/p>\nTwitter transcript<\/b><\/p>\n
#weis2011 Overview of basic ssl\/tls\/https concepts. Asking: how prevalent is https, what are problems with https?<\/p>\n#weis2011 Out of their large sample, only 1\/3 (34.7%) have support for https, login is worse! only 22.6% < #data!<\/p>\n
#weis2011 (me) just like Microsoft for patches\/vulns, everyone uses Bank of America for https & identity examples. #sigh<\/p>\n
#weis2011 More Certificates 101, but a good venn diagram explaining what authentication success looks like w\/%ages. rly good visualization.<\/p>\n
#weis2011 domain mismatch accounts for over 80% of certificate authentication failures. why? improper reuse. it has a simple solution (SNI)<\/p>\n
#weis2011 the team did a very thorough analysis that puts data behind what most folks have probably assumed. #dataisspiffy<\/p>\n
#weis2011 We've created a real mess for users with certs. EV certs help, but are expensive and not pervasive (***6%***!)<\/p>\n
#weis2011 economics don't back good cert issuance practices; 0 liability on issuers; too many subcontractors; we trained users to click \"OK\"<\/p>\n
#weis2011 great slide on CA success rates (hint: godaddy is #1) #sadtrombone<\/p>\n
#weis2011 sample: 1 million web sites; less than 6% do SSL\/TLS right. cheap certs == cheap \"security\"; policies need to change incentives<\/p>\n
#weis2011 URL for the data is in the last slide. first question is challenging the approach for the analysis and went on for a while<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"
Nevena Vratonjic Julien Freudiger Vincent Bindschaedler Jeane-Pierre Hubaux Presentation [PDF] Twitter transcript #weis2011 Overview of basic ssl\/tls\/https concepts. Asking: how prevalent is https, what are problems with https? #weis2011 Out of their large sample, only 1\/3 (34.7%) have support for https, login is worse! only 22.6% < #data! #weis2011 (me) just like Microsoft for patches\/vulns, […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[60,3,71],"tags":[740,451,457,256,178,454,453,456,147,458,741,121,455,452],"class_list":["post-588","post","type-post","status-publish","format-standard","hentry","category-certificates","category-information-security","category-weis-2011","tag-authentication","tag-bank-of-america","tag-certs","tag-cryptographic-protocols","tag-http","tag-http-secure","tag-jeane-pierre-hubaux","tag-key-management","tag-microsoft","tag-secure-communication","tag-ssl","tag-twitter","tag-uri-scheme","tag-web-certificates-nevena-vratonjic-julien-freudiger-vincent-bindschaedler-jeane-pierre-hubaux"],"yoast_head":"\n
WEIS 2011 :: Session 2 :: Identity :: The Inconvenient Truth About Web Certificates - rud.is<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/rud.is\/b\/2011\/06\/14\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WEIS 2011 :: Session 2 :: Identity :: The Inconvenient Truth About Web Certificates - rud.is\" \/>\n<meta property=\"og:description\" content=\"Nevena Vratonjic Julien Freudiger Vincent Bindschaedler Jeane-Pierre Hubaux Presentation [PDF] Twitter transcript #weis2011 Overview of basic ssl\/tls\/https concepts. Asking: how prevalent is https, what are problems with https? #weis2011 Out of their large sample, only 1\/3 (34.7%) have support for https, login is worse! only 22.6% < #data! #weis2011 (me) just like Microsoft for patches\/vulns, […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/rud.is\/b\/2011\/06\/14\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\/\" \/>\n<meta property=\"og:site_name\" content=\"rud.is\" \/>\n<meta property=\"article:published_time\" content=\"2011-06-14T17:57:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-03-27T14:40:06+00:00\" \/>\n<meta name=\"author\" content=\"hrbrmstr\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"hrbrmstr\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/06\\\/14\\\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/06\\\/14\\\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\\\/\"},\"author\":{\"name\":\"hrbrmstr\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"headline\":\"WEIS 2011 :: Session 2 :: Identity :: The Inconvenient Truth About Web Certificates\",\"datePublished\":\"2011-06-14T17:57:34+00:00\",\"dateModified\":\"2017-03-27T14:40:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/06\\\/14\\\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\\\/\"},\"wordCount\":21,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"keywords\":[\"Authentication\",\"Bank of America\",\"Certs\",\"Cryptographic protocols\",\"http\",\"HTTP Secure\",\"Jeane-Pierre Hubaux\",\"Key management\",\"Microsoft\",\"Secure communication\",\"SSL\",\"Twitter\",\"URI scheme\",\"Web Certificates Nevena Vratonjic Julien Freudiger Vincent Bindschaedler Jeane-Pierre Hubaux\"],\"articleSection\":[\"Certificates\",\"Information Security\",\"WEIS 2011\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/06\\\/14\\\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/06\\\/14\\\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\\\/\",\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/06\\\/14\\\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\\\/\",\"name\":\"WEIS 2011 :: Session 2 :: Identity :: The Inconvenient Truth About Web Certificates - rud.is\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#website\"},\"datePublished\":\"2011-06-14T17:57:34+00:00\",\"dateModified\":\"2017-03-27T14:40:06+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/06\\\/14\\\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/06\\\/14\\\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/06\\\/14\\\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/rud.is\\\/b\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WEIS 2011 :: Session 2 :: Identity :: The Inconvenient Truth About Web Certificates\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#website\",\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/\",\"name\":\"rud.is\",\"description\":\""In God we trust. All others must bring data"\",\"publisher\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/rud.is\\\/b\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\",\"name\":\"hrbrmstr\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"width\":460,\"height\":460,\"caption\":\"hrbrmstr\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\"},\"description\":\"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7\",\"sameAs\":[\"http:\\\/\\\/rud.is\"],\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/author\\\/hrbrmstr\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"WEIS 2011 :: Session 2 :: Identity :: The Inconvenient Truth About Web Certificates - rud.is","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/rud.is\/b\/2011\/06\/14\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\/","og_locale":"en_US","og_type":"article","og_title":"WEIS 2011 :: Session 2 :: Identity :: The Inconvenient Truth About Web Certificates - rud.is","og_description":"Nevena Vratonjic Julien Freudiger Vincent Bindschaedler Jeane-Pierre Hubaux Presentation [PDF] Twitter transcript #weis2011 Overview of basic ssl\/tls\/https concepts. Asking: how prevalent is https, what are problems with https? #weis2011 Out of their large sample, only 1\/3 (34.7%) have support for https, login is worse! only 22.6% < #data! #weis2011 (me) just like Microsoft for patches\/vulns, […]","og_url":"https:\/\/rud.is\/b\/2011\/06\/14\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\/","og_site_name":"rud.is","article_published_time":"2011-06-14T17:57:34+00:00","article_modified_time":"2017-03-27T14:40:06+00:00","author":"hrbrmstr","twitter_card":"summary_large_image","twitter_misc":{"Written by":"hrbrmstr","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/rud.is\/b\/2011\/06\/14\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\/#article","isPartOf":{"@id":"https:\/\/rud.is\/b\/2011\/06\/14\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\/"},"author":{"name":"hrbrmstr","@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"headline":"WEIS 2011 :: Session 2 :: Identity :: The Inconvenient Truth About Web Certificates","datePublished":"2011-06-14T17:57:34+00:00","dateModified":"2017-03-27T14:40:06+00:00","mainEntityOfPage":{"@id":"https:\/\/rud.is\/b\/2011\/06\/14\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\/"},"wordCount":21,"commentCount":0,"publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"keywords":["Authentication","Bank of America","Certs","Cryptographic protocols","http","HTTP Secure","Jeane-Pierre Hubaux","Key management","Microsoft","Secure communication","SSL","Twitter","URI scheme","Web Certificates Nevena Vratonjic Julien Freudiger Vincent Bindschaedler Jeane-Pierre Hubaux"],"articleSection":["Certificates","Information Security","WEIS 2011"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/rud.is\/b\/2011\/06\/14\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/rud.is\/b\/2011\/06\/14\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\/","url":"https:\/\/rud.is\/b\/2011\/06\/14\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\/","name":"WEIS 2011 :: Session 2 :: Identity :: The Inconvenient Truth About Web Certificates - rud.is","isPartOf":{"@id":"https:\/\/rud.is\/b\/#website"},"datePublished":"2011-06-14T17:57:34+00:00","dateModified":"2017-03-27T14:40:06+00:00","breadcrumb":{"@id":"https:\/\/rud.is\/b\/2011\/06\/14\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/rud.is\/b\/2011\/06\/14\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/rud.is\/b\/2011\/06\/14\/weis-2011-session-2-identity-the-inconvenient-truth-about-web-certificates\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/rud.is\/b\/"},{"@type":"ListItem","position":2,"name":"WEIS 2011 :: Session 2 :: Identity :: The Inconvenient Truth About Web Certificates"}]},{"@type":"WebSite","@id":"https:\/\/rud.is\/b\/#website","url":"https:\/\/rud.is\/b\/","name":"rud.is","description":""In God we trust. All others must bring data"","publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/rud.is\/b\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886","name":"hrbrmstr","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","contentUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","width":460,"height":460,"caption":"hrbrmstr"},"logo":{"@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1"},"description":"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7","sameAs":["http:\/\/rud.is"],"url":"https:\/\/rud.is\/b\/author\/hrbrmstr\/"}]}},"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p23idr-9u","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":591,"url":"https:\/\/rud.is\/b\/2011\/06\/14\/weis-2011-session-2-identity-negative-information-looms-longer-than-positive-information\/","url_meta":{"origin":588,"position":0},"title":"WEIS 2011 :: Session 2 :: Identity :: Negative Information Looms Longer Than Positive Information","author":"hrbrmstr","date":"2011-06-14","format":false,"excerpt":"Laura Brandimarte Alessandro Acquisti Joachin Vosgerau Twitter transcript #weis2011 How does information related to past events and retrieved today get discounted? Why does neg valence receive more weight? #weis2011 how do we improve trustworthyness? #weis2011 \"designers of modern tech do not understand human fallibility and design systems w\/o taking them\u2026","rel":"","context":"In "Information Security"","block_context":{"text":"Information Security","link":"https:\/\/rud.is\/b\/category\/information-security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":563,"url":"https:\/\/rud.is\/b\/2011\/06\/14\/weis-2011-keynote-dr-christopher-greer\/","url_meta":{"origin":588,"position":1},"title":"WEIS 2011 :: Keynote :: Dr Christopher Greer","author":"hrbrmstr","date":"2011-06-14","format":false,"excerpt":"Dr Greer [cgreer at ostp.eop.gov] is Assistant Director, Information Technology R&D, Office of Science & Technology Policy, The White House Opening: \"The expertise of the attendees is greatly needed.\" He provided a broad overview of the goals & initiatives of the federal government as they relate to domestic & international\u2026","rel":"","context":"In "Information Security"","block_context":{"text":"Information Security","link":"https:\/\/rud.is\/b\/category\/information-security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":571,"url":"https:\/\/rud.is\/b\/2011\/06\/14\/weis-2011-session-1-attacks-where-do-all-the-attacks-go\/","url_meta":{"origin":588,"position":2},"title":"WEIS 2011 :: Session 1 :: Attacks :: Where Do All The Attacks Go?","author":"hrbrmstr","date":"2011-06-14","format":false,"excerpt":"Dinei Florncio Cormac Herley Presentation [PDF] Twitter transcript #weis2011 New threat model (that may scale). Rather than use individual users & attackers, use population of users, pop of attackers #weis2011 assumption\/proposition: attacker attacks when Expected{gain} > Expected{loss} #weis2011 (me) more good math on the slides. using the populations, they made\u2026","rel":"","context":"In "Information Security"","block_context":{"text":"Information Security","link":"https:\/\/rud.is\/b\/category\/information-security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":574,"url":"https:\/\/rud.is\/b\/2011\/06\/14\/weis-2011-session-1-attacks-the-underground-economy-of-fake-antivirus-software\/","url_meta":{"origin":588,"position":3},"title":"WEIS 2011 :: Session 1 :: Attacks :: The Underground Economy of Fake Antivirus Software","author":"hrbrmstr","date":"2011-06-14","format":false,"excerpt":"Brett Stone-Gross Ryan Abman Richard A. Kemmerer Christopher Kruegel Douglas G Steigerwald Presentation [PDF] Twitter transcript #weis2011 presenting analysis of *actual* data from 21 servers from 3 multi-million $ fake a\/v ops!!! < #spiffy #weis2011 showing example of fake a\/v exploit that was embedded in HTML. good walkthrough. useful slides\u2026","rel":"","context":"In "Information Security"","block_context":{"text":"Information Security","link":"https:\/\/rud.is\/b\/category\/information-security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":590,"url":"https:\/\/rud.is\/b\/2011\/06\/14\/weis-2011-session-2-identity-economic-tussles-in-federated-identity-management\/","url_meta":{"origin":588,"position":4},"title":"WEIS 2011 :: Session 2 :: Identity :: Economic Tussles in Federated Identity Management","author":"hrbrmstr","date":"2011-06-14","format":false,"excerpt":"Susan Landau Tyler Moore Presentation [PDF] Tyler presented really well and it's a great data set and problem to investigate. He & Susan shed a ton of light on an area most folks never think about. Well done. Twitter transcript #weis2011 this looks to be a \"must read\" resource for\u2026","rel":"","context":"In "Identity Management"","block_context":{"text":"Identity Management","link":"https:\/\/rud.is\/b\/category\/identity-management\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":568,"url":"https:\/\/rud.is\/b\/2011\/06\/14\/weis-2011-session-1-attacks-the-impact-of-immediate-disclosure-on-attack-diffusion-volume\/","url_meta":{"origin":588,"position":5},"title":"WEIS 2011 :: Session 1 :: Attacks :: The Impact of Immediate Disclosure on Attack Diffusion & Volume","author":"hrbrmstr","date":"2011-06-14","format":false,"excerpt":"Sam Ransbotham Sabayasachi Mitra Presentation [PDF] Twitter transcript #weis2011 Does immediate disclosure of vulns affect exploitation attempts? Looking at impact on risk\/diffusion\/volume #weis2011 speaker is presenting standard attack process & security processes timelines (slides will be in the blog post) #weis2011 the fundamental question is when from the vulnerability discovery\u2026","rel":"","context":"In "Information Security"","block_context":{"text":"Information Security","link":"https:\/\/rud.is\/b\/category\/information-security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/588","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/comments?post=588"}],"version-history":[{"count":0,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/588\/revisions"}],"wp:attachment":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/media?parent=588"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/categories?post=588"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/tags?post=588"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}