
Data Mining a Mountain of Zero Day Vulnerabilities

Name: Chris

Surname: Eng

Abstract: Every day, software developers around the world, from Bangalore to Silicon Valley, churn out millions of lines of insecure code. We used static binary analysis on thousands of applications submitted to us by large enterprises, commercial software vendors, open source projects, and software outsourcers, to create an anonymized vulnerability data set. By mining this data we can answer some interesting questions. What types of mistakes do developers make most often? Are we making any progress at eradicating XSS and SQL injection? How long does it really take to remediate software vulnerabilities? Is anybody actually using ESAPI? We will address these questions and many others, giving you a deep dive into application security metrics at a scale that can’t be found anywhere else.