Updated Posts:
- The post "Attacker Classes and Pyramid" has been updated to its third iteration. The post was updated in terms of coherency, but I also added my OWASP BENELUX presentation entitled "The Rise of the Vulnerability Markets - History, Impacts and Mitigations". The presentation underlines the rationale behind the attacker-centric concept and the proposed Attacker Triad.
Notable excerpts:
The analysis of 54 exploit kits (mapped to the Opportunists/Mass-market class) led to the following results:
Results: In order to protect against all tracked exploit kits, you had to patch 19 vulnerabilities in 2009, 24 in 2010 and 4 in 2011. That should hardly be a challenge, and it confirms the sophistication put forward in the Attacker Triad.
The analysis of 54 exploit kits (Source: Contagio) led to the following results: