Determinants of the Ease of Hacking
Software security is a problem. Software development mistakes end up as vulnerabilities that can be exploited. The easier a software exploit makes attacking a target, the less skilled people are able to do it. Various prioritisation systems exist to address software security issues. The author of th...
| Main Author: | |
|---|---|
| Format: | Others |
| Language: | English |
| Published: |
KTH, Industrial Information and Control Systems
2012
|
| Online Access: | http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-98489 |
| Summary: | Software security is a problem. Software development mistakes end up as vulnerabilities that can be exploited. The easier a software exploit makes attacking a target, the less skilled people are able to do it. Various prioritisation systems exist to address software security issues. The author of this paper finds that they are either too complex and hard to access, or product specific. This thesis takes a whole new approach to the prioritisation by studying exploit completeness and the factors that relate to it. First an exploit completeness scale is constructed, then the author conducts a study to analyse vulnerability and exploit data with statistical methods. The results show that seven factors influence exploit completeness. Five factors are used to build a linear regression model for completeness prediction. The time needed to collect the data for the factors is measured. |
|---|