[Dailydave] Modern Physics of 0days

Curt Wilson curtwilson618 at gmail.com
Sun Feb 14 18:39:49 EST 2016


The blog seems to indicate that the concept of a window of vulnerability is
some type of fixed static property and criticizes those that use the
concept as archaic and out of touch.  Might a window of vulnerability be
much more dynamic and subject to all of the types of variables that you
have enumerated therein? Therefore we can't define it in terms of how many
days a vulnerability is exploitable until a patch or mitigation is applied,
but what the attack surface is around that vulnerability in the context of
an exploitation campaign, target, or environment.  A simple time-based
metric cannot consider all of this context, and if that's what you are
saying, then I understand.

On Thursday, February 11, 2016, Dave Aitel <dave.aitel at gmail.com> wrote:

> http://cybersecpolitics.blogspot.com/2016/02/0days.html
>
> Today, on a day when we've discovered the existence of gravitational waves
> in the wild, I wanted to move our discussions of vulnerabilities and 0days
> towards the modern level that the offensive community has been using for
> over a decade. The above blog post is my attempt at a first baby-step.
>
> -dave
>
>