[Dailydave] Neal Stephenson, the EFF and Exploit Sales
Michal Zalewski
lcamtuf at coredump.cx
Tue Aug 14 17:13:56 EDT 2012
> http://pentest.netragard.com/2012/08/13/selling-zero-days-doesnt-increase-your-risk-heres-why/
I think it's apples and oranges. A vast majority of compromises happen
due to user error, software design errors, or inadequate patching, and
nobody in their right mind contests that. 0-day vulnerabilities
surface in a variety of high-profile cases, and they are not a direct
threat to most of the users. Which doesn't make them a non-issue - in
fact, they are a huge practical issue in some settings.
/mz
More information about the Dailydave
mailing list