Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Neal Stephenson, the EFF and Exploit Sales

From: "Adriel T. Desautels" <adriel () netragard com>
Date: Tue, 14 Aug 2012 17:21:55 -0400
Actually its not apples and oranges.  Most people are stunned when they
hear that only 0.12% of compromises are attributed to 0-day
vulnerabilities.  They are even more stunned when they find out that
only 6% of malware infections are attributed to the use of general
exploits (non-zeroday).

The point is, there are much bigger issues at hand that need to be
addressed like the fact that 90% of all compromises in 2011 were
attributed to vulnerabilities that had been in public domain for over
one year. 

How can anyone expect to protect themselves from zero-day's if they
can't protect themselves from known issues for which patches / fixes
already exist?

On 8/14/12 5:13 PM, Michal Zalewski wrote:

http://pentest.netragard.com/2012/08/13/selling-zero-days-doesnt-increase-your-risk-heres-why/

I think it's apples and oranges. A vast majority of compromises happen
due to user error, software design errors, or inadequate patching, and
nobody in their right mind contests that. 0-day vulnerabilities
surface in a variety of high-profile cases, and they are not a direct
threat to most of the users. Which doesn't make them a non-issue - in
fact, they are a huge practical issue in some settings.

/mz



_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: