[71192] in North American Network Operators' Group
Re: AV/FW Adoption Sudies
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Jun 10 16:18:40 2004
To: EKR <ekr@rtfm.com>
Cc: Paul G <paul@rusko.us>, "'Nanog'" <nanog@merit.edu>
In-Reply-To: Your message of "Thu, 10 Jun 2004 12:23:42 PDT."
<kjn03brzcx.fsf@romeo.rtfm.com>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 10 Jun 2004 16:17:58 -0400
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_-1516321780P
Content-Type: text/plain; charset=us-ascii
On Thu, 10 Jun 2004 12:23:42 PDT, Eric Rescorla said:
> I'm not sure we disagree. All I was saying was that I don't
> think we have a good reason to believe that the average bug
> found independently by a white hat is already known to a
> black hat. Do you disagree?
Actually, yes.
Non-obvious bugs (ones with a non 100% chance of being spotted on careful
examination) will often be found by both groups. Let's say we have a bug that
has a 0.5% chance of being found at any given attempt to find it. Now take 100
white hats and 100 black hats - compute the likelyhood that at least 1 attempt
in either group finds it (I figure it as some 39% (1 - (0.995^100)). For bonus
points, extend a bit further, and make multiple series of attempts, and
compute the probability that for any given pair of 100 attempts, exactly one
finds it, or neither finds it, or both find it. And it turns out that for that
39% chance, 16% of the time both groups will find it, 36% of the time exactly
one will find it, and 48% of the time *neither* will find it.
And in fact, the chance of overlap is much higher, because the two series of
100 runs *aren't* independent. Remember that for the most part, the info that
suggested "Look over HERE" to the white hat was also available to the black
hat.....
--==_Exmh_-1516321780P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFAyMH1cC3lWbTT17ARAsWQAKDHCPDf3n743co65fOKubRZ4+B1GgCgyIF+
MTuyvRbrb0CoH4vMTyMAASs=
=YqB1
-----END PGP SIGNATURE-----
--==_Exmh_-1516321780P--
