Torbit: an Open Source Flaw Measurement Tool Suite

摘要

We present our experience in developing an open source tool for the measurement of security flaws. Since security flaws result from the unauthorized flow of information, these flaws can be measured and compared based on the amount of information that flows, how "far" it flows, and the value of the information. Flaws can then be compared and careful security testers can get the most security possible given a limited set of resources. The development of a tool to partially automate this process will prove to be an asset to the open source community in that the "many eyes" can be directed and these resources prioritized in order to patch flaws in the most efficient manner and minimize downtime and risk.