tag:blogger.com,1999:blog-9079742631670078384.post8589803278109419487..comments2024-03-28T03:19:51.528-07:00Comments on Exploring Possibility Space: preso: Big 'R' Risk Management - from concept to pilot implementationRussell Thomashttp://www.blogger.com/profile/06123406032076292954noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-9079742631670078384.post-58494626039653728162013-10-22T13:35:05.861-07:002013-10-22T13:35:05.861-07:00Russell, specifically the Allodi/Massacci case is ...Russell, specifically the Allodi/Massacci case is quite interesting. A statistical analysis into patching based on CVSS. Something I haven't seen before. I know, only a small part of your Risk presentation, but I'm sure you'll find good things in there.Marco Tietzhttps://www.blogger.com/profile/08830681658777327852noreply@blogger.comtag:blogger.com,1999:blog-9079742631670078384.post-66822414096981121062013-10-21T14:38:42.251-07:002013-10-21T14:38:42.251-07:00Marco -- thanks so much for these references. No, ...Marco -- thanks so much for these references. No, I didn't draw on much outside sources or specifics. They will definitely add more detail and realism for the next pass of this presentation.Russell Thomashttps://www.blogger.com/profile/06123406032076292954noreply@blogger.comtag:blogger.com,1999:blog-9079742631670078384.post-75921153542871419882013-10-21T11:04:44.875-07:002013-10-21T11:04:44.875-07:00This looks very interesting. For the 'patching...This looks very interesting. For the 'patching illustrativ example' did you look at Allodi and<br />Massacci's presentation at BlackHat (https://www.blackhat.com/us-13/archives.html#Allodi)? could be relevant. as well as jericho and steve christey's to a point (https://www.blackhat.com/us-13/archives.html#Martin)Marco Tietzhttps://www.blogger.com/profile/08830681658777327852noreply@blogger.com