Reflections on the Engineering and Operation of a Large-Scale Embedded Device Vulnerability Scanner Cui Ang author Columbia University. Computer Science Stolfo Salvatore author Columbia University. Computer Science Columbia University. Computer Science originator text Articles 2011 manuscript version English We present important lessons learned from the engineering and operation of a large-scale embedded device vulnerability scanner infrastructure. Developed and refined over the period of one year, our vulnerability scanner monitored large portions of the Internet and was able to identify over 1.1 million publicly accessible trivially vulnerable embedded devices. The data collected has helped us move beyond vague, anecdotal suspicions of embedded insecurity towards a realistic quantitative understanding of the current threat. In this paper, we describe our experimental methodology and reflect on key technical, organizational and social challenges encountered during our research. We also discuss several key technical design missteps and operational failures and their solutions. Computer science Web studies Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security: BADGERS 2011: April 10, 2011, Salzburg, Austria Kirda Engin editor Holz Thorsten editor New York ACM Press 2011 8 18 http://dx.doi.org/10.1145/1978672.1978674 </titleInfo> </relatedItem> </relatedItem> <identifier type="hdl">http://hdl.handle.net/10022/AC:P:14879</identifier> <location> <physicalLocation authority="marcorg">NNC</physicalLocation> </location> <recordInfo> <recordContentSource authority="marcorg">NNC</recordContentSource> <recordCreationDate encoding="w3cdtf">2012-10-10 15:48:55 -0400</recordCreationDate> <recordChangeDate encoding="w3cdtf">2012-10-10 15:56:05 -0400</recordChangeDate> <recordIdentifier>8883</recordIdentifier> <languageOfCataloging> <languageTerm authority="iso639-2b">eng</languageTerm> </languageOfCataloging> </recordInfo> </mods>