Attacker-centric risk assessment and metrics

In this talk we propose a risk assessment paradigm which uses the attacker's point of view. Our proposal incorporates a symbiosis between threat discovery and threat classification where we are able to plan tests for the most important threats and concurrently analyze the results we obtain. Our research is based in the idea that attacker-centric risk and metrics principles should guide the next generations of assessment tools.