I think what he seeks are power-point presentation bullet-points... such as "x number of companies reported bind hacks in 2001" etc... SANS is a good start for info, and projects at secfocus are good too...stats abound... -----Original Message----- From: Valdis.Kletnieksat_private [mailto:Valdis.Kletnieksat_private] Sent: Friday, April 05, 2002 11:59 PM To: xzchen Cc: vuln-devat_private Subject: Re: hello On Sat, 06 Apr 2002 10:16:19 +0800, xzchen <xzchenat_private> said: > Hi,I am engaged in the vulnerability assessment. Now I am lack of > the statistic results about the exploting incidents of some > vulnerabilities.How can I get some statistic data about the > exploting incidents of some vulnerabilities? Please provide me some > reference. Thank you. Vulnerability assessments are usually made on a specific program/site/network. As a result, simply throwing statistics like "18 million hosts were infected with Nimda" doesn't tell you *ANYTHING* about whether your target is vulnerable to anything, Nimda or otherwise. On the other hand, *IF* your network contains Linux systems, Dave Dittrich's estimate of how long an unpatched Linux system survives may be useful information. -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
This archive was generated by hypermail 2b30 : Sun Apr 07 2002 - 11:17:48 PDT