Friday, March 29, 2013

response to metrics questions

I hate metrics because most of the time the people in upper management who use them have no idea what the context behind them is.

This was the latest request I got:
What % of exploits use buffer overflow
What % use ROP
What % use stack pivoting techniques in the case the overflowed buffer isn't large enough to hold the entire "ROP sled" [I'm sure they meant NOP sled.]

Does anyone have time to actually keep track that? Are we talking about worldwide?

Sourcefire and Symantec might:

Their justification for this information: "I have a meeting I have to attend."

My thoughts: "Do they know the difference between vulnerability and exploit? Probably not."

My response: "Google Metasploit capabilities." LMAO

No comments:

Post a Comment