For the following cost estimate, an annual salary of $70,000 was assumed. An annual salary of $70,000 converts to $33.65 per hour, assuming 52 weeks and 40 hours of work per week.
Person | Hours | Cost | -15% | +15% |
Steve | 28 | $942.20 | $800.87 | $1,083.53 |
Vandana | 17 | $572.05 | $486.24 | $657.86 |
Sandeep | 12 | $403.80 | $343.23 | $464.37 |
Sachin | 7 | $235.55 | $200.22 | $270.88 |
Total | 64 | $2,153.60 | $1,830.56 | $2,476.64 |
Steve | 15 years experience in Computer Science research; 2 years in computer security; 24 years experience programming; currently an associate professor (so we know those years of experience aren't "real"!) |
Vandana | 18 months experience in Computer Security; 3 years of programming experience; currently a master's student |
Sandeep | 9 months experience in computer security; 6 years programming experience; currently a master's student. |
Sachin | 6 months experience in system administration; 3 months experience in security; 5 years programming experience; currently a master's student |
Furthermore, as part of this challenge we "over-did" much of the research. For example, writing a full-blown control program is clearly not necessary to understand the functioning of the challenge binary, but we did it anyway. To understand the very basic functioning of the binary and how to detect and remove it would probably have taken only about 10-15 hours, followed by about 5 hours to write the advisories (without the technical details appendix), making the cost-estimate in the range of $500-$700.