HD Moore’s Law

Joshua Corman wrote a post entitled HD Moore’s Law in which he raises some valid points about how tools like Metasploit make it incredibly easy for anyone, even with little or no knowledge, to test a system for vulnerabilities. Naturally, the purpose of this and other such tools is to aid a security tester in finding these vulnerabilities. However, as with any such tool, you cannot dictate whether someone will use it for attack or defensive purposes.

The question then becomes whether your security defences have increased at the same rate. (Hint: the answer is no.) It’s a relatively straightforward process, with many tools to choose from, to simply point and click at your systems and see whether they can find some vulnerabilities. If they do, then you’re in a bit of trouble, because it means anyone with a computer and an internet connection can also find the same vulnerability.
