SAINT project analysed:
• over 76 cyber security metrics, indicators & open source intelligence methodologies
• over 50 cyber security standards, benchmarking and best practices
• 6 security market & revenue models
• over 60 cyber security solutions and products
• identified 8 cyber security failures and requirements
• created 8 new economic models
• proposed over 10 cyber security oriented recommendations to corresponding stakeholders
• provided over 7 tools for behavioral and social analysis, decision support, risk and cost assessment and information sharing
SAINT accomplished interesting results in 4 directions:
1) Surveys
2) Databases
3) Tools
4) Econometric & Empirical Analysis
Regarding SAINT surveys, the project accomplished:
• improved understanding of information security failures
• more informed and risk-based investment decisions in cyber security
• facilitation of information sharing between cyber security actors
Regarding SAINT databases, the project created:
• a public online searchable indicator database
• a number of confidential databases
Regarding SAINT tools, SAINT created:
• the SAINT Global Security Map
• the Cyber security Social Network Analyzer (CSNA)
• the SAINT Social Network Analyzer (SNA) for Twitter
• the SAINT Clearnet Crawler
• a Bug Bounty Analyzer
• a URL Vulnerability Assessment Tool
Regarding SAINT Econometric and Empirical Analysis, the accomplishments and results are summarized as follows:
• SAINT research demonstrates the potential benefits of co-operation between firms in the areas of exchanging information and participating in mutual co-operative schemes
• Real (deflated) long-run average production cost has a 4% – 7% negative elasticity on the percentage of firms participating in information sharing processes (1st form of cooperation)
• Elasticity of demand for Cloud Internet purchased computer services (2nd form of cooperation) is significantly positive by almost 5% towards the wage rate in the IT sector for specialized IT labor force
• Empirical research yielded a below unity inelastic demand (price elasticity = -0.03) for vulnerability disclosures by the firms. In case of a 10% rise of the price of a bug bounty, there will be a corresponding fall of 3% in the demand of firms for vulnerability disclosures
• Despite increases of bug bounties, firms will still be willing to pay these higher prices of vulnerability disclosures rather than turning to other solutions
The most significant exploitable results of SAINT follow:
• SAINT surveys
• SAINT databases
• SAINT Tools
• SAINT theoretical models about the cost of cyber-crime incidents on organizations’ assets
• SAINT cyber-security metrics
Exploitation will be achieved through one or more start-ups that will be initiated by the SAINT consortium. The start-ups could be either technology-based, for exploiting the tools and databases, or theoretical-based, for exploiting and conducting cyber security surveys and performing econometric and empirical analysis. The first step has been already made as a joint venture has been initiated by CYBE and MNTMG to offer Cyber Threat Intelligence services. The company is called SISSDEN BV (
https://sissden.com/(si apre in una nuova finestra)).
The dissemination results of SAINT project are quite impressive:
• the project’s website has over 500 hits per month
• 3 leaflets/brochures have been circulated throughout the project
• 11 peer-review publications have been achieved
• 6 press releases have been released
• 2 demonstration videos have been created
• 18 blog texts have been uploaded
• 6 newsletters have been released
• 2 whitepapers have been published
• 2 related workshops have been organized
• over 35 presentations in related events, conferences and workshops