Press Coverage Of My Research

Some of my publications and research resonated quite a bit in the community and press. Below is an incomplete list of press coverage I am aware of.




Authors and journalists 2013:

Brian Krebs (3), Brian Proffitt (1), Bruce Schneier (1), John P. Mello (1), Robert Lemos (2)

NSS Labs Backs Global Bounty Program to Cut Software Flaw Prevalence

A new study proposes that software firms buy the most critical code flaws as a cost-effective way to reduce rising economic losses from cyber-crime
eWeek - Robert Lemos December 19, 2013

The Case for a Compulsory Bug Bounty

Frei proposes creating a multi-tiered, “international vulnerability purchase program” (IVPP), in which the major software vendors would be induced to purchase all of the available and known vulnerabilities at prices well above what even the black market is willing to pay for them
Krebs on Security - Brian Krebs December 17, 2013

Security Vulnerabilities of Legacy Code

An interesting research paper documents a "honeymoon effect" when it comes to software and vulnerabilities: attackers are more likely to find vulnerabilities in older and more familiar code. It's a few years old, but I haven't seen it before now. The paper is by Sandy Clark, Stefan Frei, Matt Blaze, and Jonathan Smith: "Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities".
Schneier on Security - Bruce Schneier December 17, 2013

How Many Zero-Days Hit You Today?

Frei also took stock of the software vulnerabilities collected by these two companies, and found that between 2010 and 2012, the ZDI and VCP programs together published 1,026 flaws, of which 425 (44 percent) targeted flaws in Microsoft, Apple, Oracle, Sun and Adobe products. The average time from purchase to publication was 187 days.
Krebs on Security - Brian Krebs December 5, 2013

Stacked Security Tools Detect Less Malware than Predicted

Combining two security products can improve detection rates of attacks, but generally less than predicted, research finds.
eWeek - Robert Lemos May 26, 2013

Layered defenses largely fail to block exploits, says NSS

Research lab finds a mix of products from different vendors is best for 'defense in depth'
CSO Online - John P. Mello May 24, 2013

The Surprising Holes The IT Security "Kill Chain" Is Neglecting

Security exploits don't have expiration dates - why you can't count on a multi-vendor, multi-layer "kill chain" to protect your company
ReadWrite - Brian Proffitt February 27, 2013

Flaw Flood Busts Bug Bank

Krebs on Security - Brian Krebs February 4, 2013



Date Time: 2020-04-04 08:30:40
© 2000-2020 Stefan Frei