
SoylentNews is people

posted by Fnord666 on Tuesday March 21 2017, @05:53AM
from the keep-it-to-yourself dept.

The RAND Corporation recently received rare access to study a couple hundred 0-day vulnerabilities and their exploits.

It turns out that 0-day vulnerability discoveries live for about 6.9 years, and that the ones found by a pair of serious opponents (typically nation-state governments) have only a few percent overlap. This means that releasing discoveries to the public provides very little defensive value while obviously destroying offensive ability.

The report (summary and full text [PDF]) includes quite a bit more about the industry, including some estimates of pricing and headcount.



  • (Score: 2) by tangomargarine on Tuesday March 21 2017, @02:29PM

    by tangomargarine (667) on Tuesday March 21 2017, @02:29PM (#482150)

    Assuming of course you trust said allies to give you the complete list, which would be doubtful, Trump or no.

    --
    "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"