Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying presented at CanSecWest 2011

by Dan Kaminsky (Doxpara), Adam Cecchetti (Deja Vu Security), Michael Eddington (Deja Vu Security)

Tags: Security

Summary: If there's one thing you learn studying computer security, it's that very few things are in fact "random". The prevalence of security holes, it turns out, is one of those things. In this talk, we'll show how using flaw detection rates across ten years of software demonstrates concrete, detectable patterns regarding the actual state of software security. Some things have gotten better. Some things... haven't.