Stories
Slash Boxes
Comments

SoylentNews is people

RAND Study Suggests 0-Day Exploits Should be Stockpiled

posted by Fnord666 on Tuesday March 21 2017, @05:53AM   Printer-friendly
from the keep-it-to-yourself dept.

"Albert" writes:

RAND corporation recently received rare access to study a couple hundred 0-day vulnerabilities and their exploits.

It turns out that 0-day vulnerability discoveries live for about 6.9 years, and that the ones found by a pair of serious opponents (typically nation-state governments) have only a few percent overlap. This means that releasing discoveries to the public provides very little defensive value while obviously destroying offensive ability.

The report (summary and full text[PDF]) includes quite a bit more about the industry, including some estimates of pricing and headcount.

Original Submission

 
This discussion has been archived. No new comments can be posted.
RAND Study Suggests 0-Day Exploits Should be Stockpiled | Log In/Create an Account | Top | 20 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Wednesday March 22 2017, @12:55AM (1 child)

    by Anonymous Coward on Wednesday March 22 2017, @12:55AM (#482483)

    The UK is part of 5EYES, cooperating with us. Sure, they may cheat, but they can't afford to piss us off.

    Most of Europe is being cheap. They habitually underfund their military.

    I covered "Middle-Eastern/Gulf countries, South-and-East-Asian countries" with Hacking Team. Yep, it's pitiful. They depend on shitty stuff from Hacking Team, and even Hacking Team laughs at the incompetence.

  • (Score: 2) by bob_super on Wednesday March 22 2017, @04:17PM

    by bob_super (1357) on Wednesday March 22 2017, @04:17PM (#482810)

    The level of clueless hurts.