THAR' BE VULN. ID'S HERE - A DATA MINING CASE STUDY presented at Ruxcon 2012

by Matt J,

Tags: Social Media Data Analysis Twitter Trends

Summary : This presentation will take a look at data mining social-media and version control systems for vulnerability references. There are two projects that will be demonstrated with three main goals with this work: 1. Leverage social media to help enrich public vulnerability feeds with valuable information and technical research, 2. Sift through day to day social-media activity from the security community and provide a data source for trending IT security data, and 3. Leverage version control data to build metrics and analytics capabilities for open-source bug hunters.
The social-media mining portion of the talk will demonstrate identifying vulnerabilities with heavy activity over the past 18 months, distinguishing between community hype and solid technical research, and demographic specific trends. There will then be a demo for leveraging this mined data to identify general trending IT security information that can act as a news feed for researchers.
The version control mining portion of the talk will demonstrate providing code analytics for bug-hunters, with test-case projects such as the linux kernel. Example functionality that will be discussed and demonstrated includes activity heat-maps, dormancy vs. code density analysis, and historical vulnerability tainting.

Matt J: Matt is a thought leader in procrastination and enjoys spicy food with beer.