Empirical Studies
August 25, 2004
This section includes links to studies and research measuring current security practices. The topics may (or may not) be related to security economics. Fair game includes end-user policies and practice, password effectiveness, patch management, and other subjects that lend themselves to controlled studies. End-User Security # The Memorability and Security of Passwords – Some Empirical Results, Yan J, Blackwell A, Anderson R, & Grant A, June 2004. Ross Anderson and colleagues from Cambridge University have released an empiricial study of password effectiveness measuring the relative effectiveness of simple, random, and mnemonic passwords. ...