
SoylentNews is people

posted by Fnord666 on Tuesday March 21 2017, @05:53AM
from the keep-it-to-yourself dept.

The RAND Corporation recently received rare access to study a couple hundred 0-day vulnerabilities and their exploits.

It turns out that 0-day vulnerability discoveries live for about 6.9 years, and that the ones found by a pair of serious opponents (typically nation-state governments) have only a few percent overlap. This means that releasing discoveries to the public provides very little defensive value while obviously destroying offensive ability.

The report (summary and full text [PDF]) includes quite a bit more about the industry, including some estimates of pricing and headcount.



 
  • (Score: 0) by Anonymous Coward on Tuesday March 21 2017, @02:16PM (5 children)

    by Anonymous Coward on Tuesday March 21 2017, @02:16PM (#482137)

    Even if that's true, it's still a lot. There are about 200 nations out there and most of them have significant resources at their disposal.

    And then there is the question of which country has the most to lose. Hint: it's the more advanced countries, generally.

    Breaking things is easy, making them is hard.

    Do the right thing and patch the vulnerabilities. Hell, make it a "prisoner exchange" with foreign governments so everybody profits.

  • (Score: 0) by Anonymous Coward on Tuesday March 21 2017, @03:08PM (4 children)

    by Anonymous Coward on Tuesday March 21 2017, @03:08PM (#482171)

    This isn't something really done in Somalia, Guatemala, Haiti, Bangladesh, Nauru, and Lesotho.

    The main threats are: China, Russia, France, Israel, Iran, India, North Korea. Besides them, things aren't too serious.

    The loser countries buy from loser companies like Hacking Team. This stuff is weak. Hacking Team doesn't bother with having more than a handful of exploits at most.

    The right thing is to protect our country by doing things like Stuxnet, which set back Iran's nuclear weapons program by a couple years. Imagine if you could make Russian SLBMs obey a geofence to stay out of the USA. That could save our asses someday.

    • (Score: 2) by maxwell demon on Tuesday March 21 2017, @07:13PM

      by maxwell demon (1608) on Tuesday March 21 2017, @07:13PM (#482320) Journal

      > Imagine if you could make Russian SLBMs obey a geofence to stay out of the USA.

      How do you know that is not already done?

      --
      The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 2) by bob_super on Tuesday March 21 2017, @09:42PM (2 children)

      by bob_super (1357) on Tuesday March 21 2017, @09:42PM (#482419)

      > The main threats are: China, Russia, France, Israel, Iran, India, North Korea. Besides them, things aren't too serious.

      *recovers from laughing*
      I've got a bridge to sell you if you don't think that most Middle-Eastern/Gulf countries, South-and-East-Asian countries, and most of Europe (plus the UK) should be on your cute little list.
      "Sure, we spend billions on weapons, but who cares about them cybers?"

      Seriously deluded.

      • (Score: 0) by Anonymous Coward on Wednesday March 22 2017, @12:55AM (1 child)

        by Anonymous Coward on Wednesday March 22 2017, @12:55AM (#482483)

        The UK is part of 5EYES, cooperating with us. Sure, they may cheat, but they can't afford to piss us off.

        Most of Europe is being cheap. They habitually underfund their military.

        I covered "Middle-Eastern/Gulf countries, South-and-East-Asian countries" with Hacking Team. Yep, it's pitiful. They depend on shitty stuff from Hacking Team, and even Hacking Team laughs at the incompetence.