From an attacker's perspective this is the defender attacking the exploit supply chain - where there are two parties, one which writes the exploits and the other which uses them, it's hard to cycle new targets into the mix. Hence, the target that is most prolific is the one that has been QA'd and tested. If you are three rev's back, you are likely to still be vulnerable, but not tested against, and hence, not owned.
This is a problem for people who use products like CANVAS, MSF, CORE, etc. - none of us can afford to target or QA every possible configuration of IE, for example. The counter-example is a tightly integrated attack and R&D team. In this case older is definitely not better. Many of your top-tier hackers are fully integrated like this (sometimes in just one person), and the combination is pretty devastating no matter what you're running, imho. -dave On 9/18/2013 6:23 AM, [email protected] wrote: > Wolfgang, Once upon a time it was shown that the most attacked > versions of software tended to be one revision off of current, > leading to the strategy that you should keep up or stay well behind > (like a herd animal either staying in the center of the herd or > hiding in the bush but *never* being in the trailing edge of the > herd as that's where the predators were). Coupled with the observed > propensity of so many software houses to have upgrades that add > all-but-gratuitous features, it seemed almost preferable to take > the hide-in-the-bush strategy if you had any technical skill at > all. > > Expand on this in whatever direction you can, if you like. > > --dan > > _______________________________________________ > Dailydave mailing list > [email protected] > https://lists.immunityinc.com/mailman/listinfo/dailydave
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
