6

I'm calculating loss expectancy (SLE/ALE) but where or how does one get data on annual rates of occurrences for various things? From simple hard-drive failure rates to something complex like the exploitation of client browsers? Or how about the effectiveness of controls and how much they can reduce the exposure factor? An example being using Snort Sourcefire VRT Certified Rules over default/non-subscription ones.

jvff

2 Answers

2

I think you may find that this question is so huge in function and scope that you won't find such definitive lists (though I'd also love to see one.)

Publicly, you are more likely to find mean-(time-to or between)-failure of hardware than for software simply because physical engineering will be concerned with those figures during the life-cycle. Of course, Google's study on their consumer-grade disk drives was interesting, but again, very focused and clearly shows that even if you know the stats for physical hardware, sometimes reality paints a different (or at least "more complete") picture.

With all of this said, I can think of two organizations that love to deal with probabilities of failures: the government/military and insurance companies. Maybe this can help in the search process?

logicalscope
  • Perhaps hard drives were a bit too simple of an example. Although I thought it was common knowledge that MTBF for hard drives was completely unrealistic? – jvff Dec 13 '11 at 10:35
  • 1
    You might find the following article interesting reading: http://c2.com/cgi/wiki?MeanTimeBetweenFailureForSoftware – logicalscope Dec 13 '11 at 19:22
0

You might want to look at Veris

MCW