Showing How Security Has (And Hasn'T) Improved, After Ten Years Of Trying

No ratings

Presented at CanSecWest 2011 by

Michael Eddington

Dan Kaminski

Adam Cecchetti

If there's one thing you learn studying computer security, it's that very few things are in fact "random". The prevalence of security holes, it turns out, is one of those things. In this talk, we'll show how using flaw detection rates across ten years of software demonstrates concrete, detectable patterns regarding the actual state of software security. Some things have gotten better. Some things... haven't.