Dailydave mailing list archives
Re: Modern Physics of 0days
From: Curt Wilson <curtwilson618 () gmail com>
Date: Sun, 14 Feb 2016 17:39:49 -0600
The blog seems to indicate that the concept of a window of vulnerability is some type of fixed static property and criticizes those that use the concept as archaic and out of touch. Might a window of vulnerability be much more dynamic and subject to all of the types of variables that you have enumerated therein? Therefore we can't define it in terms of how many days a vulnerability is exploitable until a patch or mitigation is applied, but what the attack surface is around that vulnerability in the context of an exploitation campaign, target, or environment. A simple time-based metric cannot consider all of this context and if that's what you are saying then I understand. On Thursday, February 11, 2016, Dave Aitel <dave.aitel () gmail com> wrote:
http://cybersecpolitics.blogspot.com/2016/02/0days.html Today, on a day when we've discovered the existence of gravitational waves in the wild, I wanted to move our discussions of vulnerabilities and 0days towards the modern level that the offensive community has been using for over a decade. The above blog post is my attempt at a first baby-step. -dave
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Modern Physics of 0days Dave Aitel (Feb 11)
- Re: Modern Physics of 0days Curt Wilson (Feb 18)