Establishing Defender Advantage w/ Cyentia Institute

Episode Thumbnail
00:00
00:00
This is a podcast episode titled, Establishing Defender Advantage w/ Cyentia Institute. The summary for this episode is: <p>We tackle a hotly contested debate as old as cybersecurity itself: does releasing exploit code do more harm than good?</p>
Intros & Revealing Dr. Edward's Source Code
01:33 MIN
Picking Up Where Volume 6 Left Off
01:14 MIN
P2Pv7 Data Sources
04:24 MIN
TLDR: Results of 3 Hypothesis Tested
01:03 MIN
Public Exploit Code Existing Is What Matters
02:14 MIN
Hypothesis 1: Releasing Exploit Code Early Leads to Earlier Remediation
04:16 MIN
Hypothesis 1 Rejected
02:34 MIN
Hypothesis 2: Releasing Exploit Code Early Leads to Earlier Detection
05:32 MIN
New Idea Exploit Escrow Services
05:30 MIN
Hypothesis 3: Releasing Exploit Code Early Leads to Earlier Exploitation
02:47 MIN
Public Exploit Code Correlates to 15X Exploitation Activity
00:44 MIN
When Public Exploit Code Exists & It's An RCE = 30X Exploit Activity
01:01 MIN
Correlation & Impact to Coordinated Disclosure
03:48 MIN
Vendor Popularity & Exploitation Rates
05:55 MIN
Kenna's Unmagic Quadrant
04:44 MIN
Plotting Remediation vs. Exploit Activity for 24 Vendors
05:16 MIN
Go Home CVSS, You're Drunk
04:35 MIN
Attacker/Defender Advantage Per Vendor
02:20 MIN
Takeaways From Ed/Jay/Michael
08:51 MIN

DESCRIPTION

We tackle a hotly contested debate as old as cybersecurity itself: does releasing exploit code do more harm than good?