Actually its not apples and oranges. Most people are stunned when they hear that only 0.12% of compromises are attributed to 0-day vulnerabilities. They are even more stunned when they find out that only 6% of malware infections are attributed to the use of general exploits (non-zeroday).
The point is, there are much bigger issues at hand that need to be addressed like the fact that 90% of all compromises in 2011 were attributed to vulnerabilities that had been in public domain for over one year. How can anyone expect to protect themselves from zero-day's if they can't protect themselves from known issues for which patches / fixes already exist? On 8/14/12 5:13 PM, Michal Zalewski wrote: >> http://pentest.netragard.com/2012/08/13/selling-zero-days-doesnt-increase-your-risk-heres-why/ > I think it's apples and oranges. A vast majority of compromises happen > due to user error, software design errors, or inadequate patching, and > nobody in their right mind contests that. 0-day vulnerabilities > surface in a variety of high-profile cases, and they are not a direct > threat to most of the users. Which doesn't make them a non-issue - in > fact, they are a huge practical issue in some settings. > > /mz
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
