Stories
Slash Boxes
Comments

SoylentNews is people

RAND Study Suggests 0-Day Exploits Should be Stockpiled

posted by Fnord666 on Tuesday March 21 2017, @05:53AM   Printer-friendly
from the keep-it-to-yourself dept.

"Albert" writes:

RAND corporation recently received rare access to study a couple hundred 0-day vulnerabilities and their exploits.

It turns out that 0-day vulnerability discoveries live for about 6.9 years, and that the ones found by a pair of serious opponents (typically nation-state governments) have only a few percent overlap. This means that releasing discoveries to the public provides very little defensive value while obviously destroying offensive ability.

The report (summary and full text[PDF]) includes quite a bit more about the industry, including some estimates of pricing and headcount.

Original Submission

 
This discussion has been archived. No new comments can be posted.
RAND Study Suggests 0-Day Exploits Should be Stockpiled | Log In/Create an Account | Top | 20 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Tuesday March 21 2017, @05:08PM

    by Anonymous Coward on Tuesday March 21 2017, @05:08PM (#482245)

    It's #4 and #5, with multiple ways of estimating and lots of statistics.