[Dailydave] Neal Stephenson, the EFF and Exploit Sales
Adriel T. Desautels
adriel at netragard.com
Tue Aug 14 17:21:55 EDT 2012
Actually its not apples and oranges. Most people are stunned when they
hear that only 0.12% of compromises are attributed to 0-day
vulnerabilities. They are even more stunned when they find out that
only 6% of malware infections are attributed to the use of general
exploits (non-zeroday).
The point is, there are much bigger issues at hand that need to be
addressed like the fact that 90% of all compromises in 2011 were
attributed to vulnerabilities that had been in public domain for over
one year.
How can anyone expect to protect themselves from zero-day's if they
can't protect themselves from known issues for which patches / fixes
already exist?
On 8/14/12 5:13 PM, Michal Zalewski wrote:
>> http://pentest.netragard.com/2012/08/13/selling-zero-days-doesnt-increase-your-risk-heres-why/
> I think it's apples and oranges. A vast majority of compromises happen
> due to user error, software design errors, or inadequate patching, and
> nobody in their right mind contests that. 0-day vulnerabilities
> surface in a variety of high-profile cases, and they are not a direct
> threat to most of the users. Which doesn't make them a non-issue - in
> fact, they are a huge practical issue in some settings.
>
> /mz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20120814/4f304a56/attachment.html>
More information about the Dailydave
mailing list