[Dailydave] Neal Stephenson, the EFF and Exploit Sales

Michal Zalewski lcamtuf at coredump.cx
Tue Aug 14 17:13:56 EDT 2012

> http://pentest.netragard.com/2012/08/13/selling-zero-days-doesnt-increase-your-risk-heres-why/

I think it's apples and oranges. A vast majority of compromises happen
due to user error, software design errors, or inadequate patching, and
nobody in their right mind contests that. 0-day vulnerabilities
surface in a variety of high-profile cases, and they are not a direct
threat to most of the users. Which doesn't make them a non-issue - in
fact, they are a huge practical issue in some settings.


More information about the Dailydave mailing list