AV/FW Adoption Studies

Eric Rescorla ekr at rtfm.com
Thu Jun 10 20:50:47 UTC 2004


Valdis.Kletnieks at vt.edu writes:

> On Thu, 10 Jun 2004 13:30:41 PDT, Eric Rescorla said:
>
>> [0] Note that this doesn't require that the chance of finding
>> any particular bug upon inspection of the code be very low
>> high, but merely that there not be very deep coverage of
>> any particular code section.
>
> Right.  However, if you hand the team of white hats and the team of
> black hats the same "Chatter has it there's a 0-day in Apache's
> mod_foo handler"....

Ok, now we're getting somewhere.

I'm asking the question:
If you find some bug in the normal course of your operations
(i.e. nobody told you where to look) how likely is it that
someone else has already found it?

And you're asking a question more like:
Given that you hear about a bug before its release, how likely
is it that some black hat already knows?

I think that the answer to the first question is probably
"fairly low". I agree that the answer to the second question is
probably "reasonably high".

-Ekr