[Dailydave] Neal Stephenson, the EFF and Exploit Sales

Adriel T. Desautels adriel at netragard.com
Tue Aug 14 17:21:55 EDT 2012


Actually it's not apples and oranges.  Most people are stunned when they
hear that only 0.12% of compromises are attributed to 0-day
vulnerabilities.  They are even more stunned when they find out that
only 6% of malware infections are attributed to the use of general
exploits (non-zeroday).

The point is, there are much bigger issues at hand that need to be
addressed, like the fact that 90% of all compromises in 2011 were
attributed to vulnerabilities that had been in the public domain for over
one year.

How can anyone expect to protect themselves from zero-days if they
can't protect themselves from known issues for which patches / fixes
already exist?

On 8/14/12 5:13 PM, Michal Zalewski wrote:
>> http://pentest.netragard.com/2012/08/13/selling-zero-days-doesnt-increase-your-risk-heres-why/
> I think it's apples and oranges. A vast majority of compromises happen
> due to user error, software design errors, or inadequate patching, and
> nobody in their right mind contests that. 0-day vulnerabilities
> surface in a variety of high-profile cases, and they are not a direct
> threat to most of the users. Which doesn't make them a non-issue - in
> fact, they are a huge practical issue in some settings.
>
> /mz
