Daniel W Woods
ieltop.bsky.social
Economics of security and privacy. Lecturer at the University of Edinburgh + Researcher at Coalition.
This project asks whether addressing software vulnerabilities or misconfiguration should be higher priority when pursuing Secure by Design.

Here, vulnerabilities are flaws introduced by the vendor, in contrast to configuration which is controlled by the end-user.
In a new paper for Lawfare's Security by Design Series, Sezaneh Seymour and @ieltop.bsky.social argue that "Secure by Design (SbD) policies should be calibrated to the actual risks faced by small businesses, rather than focusing primarily on software vulnerabilities."
Calibrating Secure by Design with the Risks Faced by Small Businesses
Empirical evidence suggests guiding small businesses toward more secure configurations is more important than eliminating vulnerabilities. 
www.lawfaremedia.org
February 18, 2025 at 8:43 AM
Workshop on the Economics of Information Security (WEIS'25) venue and dates just announced.

Date: June 23-25, 2025
Venue: Institute of Industrial Science (IIS), The University of Tokyo
kmlabcw.iis.u-tokyo.ac.jp/weis/2025/in...
WEIS 2025 – The 24th Workshop on the Economics of Information Security (Tokyo, Japan)
December 3, 2024 at 1:26 PM
Initial access vectors according to various DFIR firms.

Random thoughts:
- None of the reports find the majority are caused by vulns/exploits
- How do some of these firms *not* have an "unknown" category?
- Many categories are overlapping
- We really need a standardized schema @zakird.com
December 3, 2024 at 8:56 AM
Reposted by Daniel W Woods
I've started building a starter pack for security economics researchers. It's a work in progress, so feedback and suggestions are more than welcome! We'll continue to update it—stay tuned!
go.bsky.app/BgGNPep
Security Economics
November 26, 2024 at 2:13 PM
Reposted by Daniel W Woods
fun fact from SEC Chairman Gary Gensler's resignation announcement

18% of tips/complaints that come to the SEC relate to crypto, even though the crypto market is less than 1% of all financial markets

www.sec.gov/newsroom/pre...
November 22, 2024 at 4:49 PM
What does personal cyber insurance cover?

Our new article found that personal cyber insurance covers a range of online harms, including social media abuse.

"Why would money protect me from cyber bullying?": A Mixed-Methods Study of Personal Cyber Insurance
www.computer.org/csdl/proceed...
November 25, 2024 at 9:53 AM
Very proud of Lawrence (Yangheran) Piao who had his first article accepted at Oakland'25.

The paper looks at the role of hacker teams in the Chinese bug bounty ecosystem.

We very sadly lost Ross Anderson midway through this project.
www.computer.org/csdl/proceed...
November 22, 2024 at 3:12 PM
I enjoyed Tyler Cowen and Alex Tabarrok on insurance, especially reflections on where the good insurance scholarship is.

No surprise that the sociologists were more insightful than the economists.
marginalrevolution.com/marginalrevo...
MR Podcast: Insurance! - Marginal REVOLUTION
In our new Marginal Revolution Podcast Tyler and I talk insurance, the history of insurance, the economics of insurance, the prospects for new types of insurance and more. Did you know that life insur...
November 21, 2024 at 8:02 PM
Reposted by Daniel W Woods
Most people outside of research are still unaware of how much the cyberattack on @britishlibrary.bsky.social is still affecting the research community one year on. Good piece covering that + need to invest in libraries
www.timeshighereducation.com/depth/how-br... @timeshighered.bsky.social
How the British Library cyberattack disrupted research
Academics who rely on the British Library’s unmatched collection are still feeling the impact of a devastating cyberattack a year ago. Jack Grove hears from those affected and considers how another ca...
November 21, 2024 at 10:59 AM
Reposted by Daniel W Woods
Still love this service we started way back when (2020 I think), & very proud that it’s now got over 35 million reports!

If you get a suspicious email then send it to report@phishing.gov.uk
November 21, 2024 at 10:23 AM
Just made the jump. I research riveting topics like:
- Cyber insurance
- Cyber risk quantification
- Incident response
- Online tracking

I'm interested in understanding economic incentives and historical development using quantitative and qualitative methods.
November 20, 2024 at 4:57 PM