Musings on risk, innovation, data science & my PhD dissertation
This looks very interesting. For the 'patching illustrativ example' did you look at Allodi andMassacci's presentation at BlackHat (https://www.blackhat.com/us-13/archives.html#Allodi)? could be relevant. as well as jericho and steve christey's to a point (https://www.blackhat.com/us-13/archives.html#Martin)
Marco -- thanks so much for these references. No, I didn't draw on much outside sources or specifics. They will definitely add more detail and realism for the next pass of this presentation.
Russell, specifically the Allodi/Massacci case is quite interesting. A statistical analysis into patching based on CVSS. Something I haven't seen before. I know, only a small part of your Risk presentation, but I'm sure you'll find good things in there.