Slash Boxes

SoylentNews is people

Submission Preview

Link to Story

RAND study suggests 0-day exploits should be stockpiled

Accepted submission by Albert at 2017-03-20 08:10:22

RAND got exclusive access to study a couple hundred 0-day vulnerabilities and their exploits.

It turns out that 0-day vulnerability discoveries live for about 6.9 years, and that the ones found by a pair of serious opponents (typically nation-state governments) have only a few percent overlap. This means that releasing discoveries to the public provides very little defensive value while obviously destroying offensive ability.

The report (summary [] which links to this PDF []) includes quite a bit more about the industry, including some estimates of pricing and headcount.

Original Submission