Dailydave mailing list archives

Re: Modern Physics of 0days


From: Curt Wilson <curtwilson618 () gmail com>
Date: Sun, 14 Feb 2016 17:39:49 -0600

The blog seems to indicate that the concept of a window of vulnerability is
some type of fixed static property and criticizes those that use the
concept as archaic and out of touch.  Might a window of vulnerability be
much more dynamic and subject to all of the types of variables that you
have enumerated therein? Therefore we can't define it in terms of how many
days a vulnerability is exploitable until a patch or mitigation is applied,
but what the attack surface is around that vulnerability in the context of
an exploitation campaign, target, or environment.  A simple time-based
metric cannot consider all of this context and if that's what you are
saying then I understand.

On Thursday, February 11, 2016, Dave Aitel <dave.aitel () gmail com> wrote:

http://cybersecpolitics.blogspot.com/2016/02/0days.html

Today, on a day when we've discovered the existence of gravitational waves
in the wild, I wanted to move our discussions of vulnerabilities and 0days
towards the modern level that the offensive community has been using for
over a decade. The above blog post is my attempt at a first baby-step.

-dave

