[Chinese]Dynamics of Insecurity
The following content comes from Stefan Frei's presentation material, Dynamics of Insecurity. The original can be downloaded from the link below: http://www.techzoom.net/risk
Risk exposure
Black Risk (exogenous)
Time from discovery to disclosure
Only a closed group is aware of the vulnerability. This group could be anyone from hackers, organized crime or responsible security researchers/vendors
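In the black risk zone, only a very small circle around the discoverer knows about the vulnerability and the possible ways to exploit it, and its destructive potential is hard to estimate. During this period, ordinary organizations and enterprises can hardly know about it, let alone manage it.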
Gray Risk (exogenous)
Time from disclosure to patch
User waits for the vendor to issue a patch. Public is aware of this risk but has not yet received remediation from vendor
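In this gray risk zone, ordinary organizations and enterprises are at their most vulnerable and, at the same time, largely powerless. More capable organizations can actively organize an assessment and develop and deploy temporary workarounds, for example shutting down the service or using a workaround configuration.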
White Risk (endogenous)
The time from patch availability to patch installation
Only the white risk zone is something ordinary organizations and enterprises can manage and control.
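The three zones map directly onto milestone dates, so an asset's current zone and the days spent in each zone can be computed from a vulnerability timeline. The following is an added example, not part of Stefan Frei's presentation; the names `VulnTimeline`, `zone_on` and `exposure_days` are hypothetical and all dates are constructed sample data.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class VulnTimeline:
    """Lifecycle dates for one vulnerability on one asset (None = unknown or not yet)."""
    discovered: Optional[date] = None       # rarely known to defenders
    disclosed: Optional[date] = None
    patch_released: Optional[date] = None
    patch_installed: Optional[date] = None

def zone_on(t: VulnTimeline, day: date) -> str:
    """Risk zone the asset is in on `day`, checked from the latest milestone back."""
    if t.patch_installed and day >= t.patch_installed:
        return "remediated"
    if t.patch_released and day >= t.patch_released:
        return "white"      # patch exists, not installed: the controllable zone
    if t.disclosed and day >= t.disclosed:
        return "gray"       # public, no patch: only workarounds are available
    if t.discovered is None:
        return "unknown"    # black risk cannot be ruled out or measured
    return "black" if day >= t.discovered else "pre-discovery"

def _span(start, end, as_of):
    """Days from start to end, clipped at as_of; None if start is unknown."""
    if start is None:
        return None
    end = min(end or as_of, as_of)
    return max((end - start).days, 0)   # patch before disclosure gives 0, not negative

def exposure_days(t: VulnTimeline, as_of: date) -> dict:
    """Days accumulated in each zone up to `as_of`, using the page's definitions."""
    return {
        "black": _span(t.discovered, t.disclosed, as_of),
        "gray": _span(t.disclosed, t.patch_released, as_of),
        "white": _span(t.patch_released, t.patch_installed, as_of),
    }

# Constructed sample timelines (not real vulnerabilities)
SAMPLES = {
    "fully-tracked": VulnTimeline(date(2024, 1, 10), date(2024, 3, 1),
                                  date(2024, 3, 15), date(2024, 4, 20)),
    "no-patch-yet": VulnTimeline(disclosed=date(2024, 5, 1)),
    "coordinated": VulnTimeline(disclosed=date(2024, 2, 1), patch_released=date(2024, 2, 1)),
}

if __name__ == "__main__":
    today = date(2024, 6, 1)
    for name, t in SAMPLES.items():
        print(name, zone_on(t, today), exposure_days(t, today))
```

A `None` in the black column reflects the page's point that this window is usually invisible to the affected organization, while a growing white value is the only one it can shrink on its own.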


I prefer playing Age of Empires, and later Rise of Nations.
Red alert, heh, that reminds me of Red Alert.