How to combat the long lives of zero-day vulnerabilities
We’ve all heard stories about advanced nation-states leveraging zero-days to exploit a previously unknown security vulnerability. Perhaps the most infamous example is Stuxnet (with its four zero-days) that survived for an estimated five years prior to being discovered. However, that does not mean the ability to develop exploits for zero-day vulnerabilities is reserved only for well-financed state-sponsored actors. According to RAND Corporation research, “…any serious attacker can always get an affordable zero-day for almost any target.” Worse, the data suggests that the time between vulnerability discovery to public disclosure and patch availability is almost seven years, a big red flag indicating that companies are dramatically underestimating their exposure. The term “zero-day vulnerability” is a bit of a misnomer, because it might convey that an attacker tries to quickly get in to victims’ computers, exfiltrate data or launch malware and get out. But just the opposite is the case, as some of […]
The post How to combat the long lives of zero-day vulnerabilities appeared first on Cyberscoop.
Continue reading How to combat the long lives of zero-day vulnerabilities