Comments on Errata Security: Vulns are sparse, code is dense

Feed author: David Maynor
Feed updated: 2024-01-16T05:48:33.523-05:00

Security Leaders Group (2016-05-08T21:39:59.460-04:00):

In some cases vulns are very dense. "In one experiment run by the Air Force, three million lines of proprietary code were scanned for vulnerabilities. They found one “software vulnerability” per eight lines of code, one “high vulnerability” per 31 lines of code, and one “critical vulnerability” per 70 lines of source code."

From http://ciceromagazine.com/features/network-centric-warfare-set-the-stage-for-cyberwar/

dizkonekdid (2016-05-04T13:59:30.727-04:00):

I like looking at it from an egocentric point of view or in the case of aiding someone, what does it mean to them? This is the reason why application infrastructure has not moved at a very fast pace towards new SDN or cloud applications that quickly. The risk reward is still hockey-stick.

Good article though.

ThingFish (2016-05-04T12:43:50.717-04:00):

Have you seen Andy Ozment's Milk or Wine paper (https://www.usenix.org/legacy/event/sec06/tech/full_papers/ozment/ozment.pdf)? It would seem to back up your theory.