Torbit: Design of an open source security flaw measurement suite

摘要

We present our experience in developing an open source tool for the measurement of security flaws. Since security flaws result from the unauthorized flow of information, our tool shows how these flaws can be measured and compared based on the amount of information that flows, how "far" it flows, and the value of the information. Flaws can then be compared and careful security testers can maximize the amount of security for a limited set of resources. The development of a tool to partially automate this process will prove to be an asset to the open source community in that the "many eyes" can be directed and these resources prioritized in order to patch flaws in the most efficient manner and minimize downtime and risk.