Study: Zero days rediscovered much faster

New research from Harvard suggests that the freshly discovered software flaws called zero-day vulnerabilities are independently rediscovered much faster than previously thought. The rediscovery rate has big implications for U.S. cybersecurity policy because it would change the calculation officials make when deciding whether to reveal zero days discovered by U.S. agencies so they can be fixed, or keep them secret so they can be used to spy on foreign adversaries and in other cyber-operations. “If the rediscovery rate is this high, the number of vulnerabilities [secretly retained] for operational use should be lower or subject to more aggressive scrutiny,” said Trey Herr, a post-doctoral fellow at the Belfer Center at Harvard. Herr, along with security guru Bruce Schneier and Christopher Morris, a research assistant from the Harvard school of engineering, published their findings this week after a lengthy peer-review process, and will present them at the Black Hat USA conference in Las Vegas next week. […]

The post Study: Zero days rediscovered much faster appeared first on Cyberscoop.
