Report: Zero-Day exploits are nearing

Subject: Report: Zero-Day exploits are nearing
From: Gary Stoneburner <gary.stoneburner@nist.gov>
Date: Wed, 17 Mar 2004 10:02:59 -0500
Content-Type: multipart/alternative; boundary="=====================_711640==.ALT"

re: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci955335,00.html

"there was a monthly average of 115 "moderately severe" flaws last year ..."

"The time is coming when zero-day threats will become a reality, according to Symantec Corp.'s recently released Internet Security Threat Report."

Is "will become" the appropriate tense? What makes an exploit a zero-day exploit? Isn't it that the attacker knows about the flaw to exploit and you don't? The reason we know about a flaw is only that the individual who discovered it chose (operative word is decided!) to tell us.

Do you really think that flaw are uncovered only by people who want to tell us what they found?!?

Cheers,
Gary

************************************************************************** * Opinions expressed are not intended to reflect an official position ************************************************************************** * Gary Stoneburner
* Computer Security Division, National Institute of Standards & Technology
* 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
* http://csrc.nist.gov/staff/stoneburner/gshome.html
**************************************************************************

Prev by Date: :-) - deadly dihydrogen monoxide - :-)
Next by Date: Latest Bagle worm both nasty and sneaky
Prev by thread: Latest Bagle worm both nasty and sneaky
Next by thread: :-) - deadly dihydrogen monoxide - :-)

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov