Re: Remote language detection

["Steven M. Christey" <coley () mitre org>]

> There's been a commoditization of known vulnerabilities. I don't think
> it will be that long from now where a penetration testing service that
> does not offer 0day testing will be completely devalued. Essentially
> this is where penetration testing is already, since most of what you
> do in a test is web-based which is essentially 0day testing.

If so, then this could be a worrisome trend if professionals keep
off-the-shelf 0days for a competitive advantage instead of notifying
the vendors and working on a fix.  Obviously location-specific custom
software does not apply here.

I think something similar to that happened in the early days of
vulnerability scanners.

- Steve
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave