posted by Fnord666 on Tuesday March 21 2017, @05:53AM
from the keep-it-to-yourself dept.

The RAND Corporation recently received rare access to study a couple hundred 0-day vulnerabilities and their exploits.

It turns out that 0-day vulnerability discoveries live for about 6.9 years, and that the ones found by a pair of serious opponents (typically nation-state governments) have only a few percent overlap. This means that releasing discoveries to the public provides very little defensive value while obviously destroying offensive ability.

The report (summary and full text [PDF]) includes quite a bit more about the industry, including some estimates of pricing and headcount.


  • (Score: 0) by Anonymous Coward on Tuesday March 21 2017, @12:50PM (#482078)

    and i am sure the stock market will rebound after the secretly faulty A.I. has de-orbited all GPS satellites.
    seriously ... if all cars were made in two countries only and then would go about not telling the other about flaws, this will end in lots of customers dying in car crashes and the shareholders will stop smiling pretty soon?

    we thus have to assume that something went wrong when RAND COMPUTED this result, maybe a recommended-as-withheld zer0day was at work?

  • (Score: 0) by Anonymous Coward on Tuesday March 21 2017, @01:12PM (#482088)

    "hello fellow citizen! in the name of national security(*) your computing results maybe have to stay wrong and/or faulty! have a nice day!"
    (*)?

    • (Score: 1) by khallow (3766) on Tuesday March 21 2017, @02:20PM (#482142)
      HELLO CITIZEN. VIEWING FRIEND COMPUTER ANNOUNCEMENTS THAT ERRONEOUSLY SUGGEST FRIEND COMPUTER IS EVER IN ERROR IS TREASON. HAVE A NICE DAY.

      *zappity zap zap zap zap*