I recently read the PhD dissertation of Andy Ozment, the CISO at Goldman Sachs. Mr Ozment uncovered problems with Vulnerability Discovery Models and offered insights on how they might be improved. As an alternative, he proposed “an auction-based method to measure the difficulty of discovering a vulnerability in a system.” It was impressive to see him bring his computing background and his economics background to bear on this problem.
(Mr Ozment has not yet accepted my LinkedIn connection request even though I indicated that I’d read his dissertation :>.)
I’m also now reading the PhD dissertation of Gianluca Stringhini, a professor at University College London. Mr Stringhini details his successes in crafting software systems to find and monitor botnets, and to discover phony social media accounts, and formerly legit but compromised social media accounts, used by botnets. He also presents a system that discovers communities of social media accounts that are being accessed by the same botnet.
These are fascinating reads!
Please reply with any books, articles, or blog posts in the infosec realm that you consider to be worthy of recommendation.