RAND corporation recently received rare access to study a couple hundred 0-day vulnerabilities and their exploits.
It turns out that 0-day vulnerability discoveries live for about 6.9 years, and that the ones found by a pair of serious opponents (typically nation-state governments) have only a few percent overlap. This means that releasing discoveries to the public provides very little defensive value while obviously destroying offensive ability.
The report (summary and full text[PDF]) includes quite a bit more about the industry, including some estimates of pricing and headcount.
(Score: 0) by Anonymous Coward on Tuesday March 21 2017, @12:50PM (2 children)
and i am sure the stock market will rebound after the secretly faulty A.I. has de-orbitted all GPS satellites.
seriously ... if all cars were made in two countries only and then would go about not telling the other about flaws, this will
end it lots of customers dying in car crashes and the shareholders will stop smiling pretty soon?
we thus have to assume that something went wrong when RAND COMPUTED this result, maybe a recommended-as-withheld zer0day was at work?
(Score: 0) by Anonymous Coward on Tuesday March 21 2017, @01:12PM (1 child)
"hello fellow citizen! in the name of national security(*) your computing results maybe have to stay wrong and/or faulty! have a nice day!"
(*)?
(Score: 1) by khallow on Tuesday March 21 2017, @02:20PM
*zappity zap zap zap zap*