North American Network Operators Group

Re: AV/FW Adoption Studies

  • From: Eric Rescorla
  • Date: Thu Jun 10 16:52:50 2004

[email protected] writes:

> On Thu, 10 Jun 2004 13:30:41 PDT, Eric Rescorla said:
>
>> [0] Note that this doesn't require that the chance of finding
>> any particular bug upon inspection of the code be very low
>> high, but merely that there not be very deep coverage of
>> any particular code section.
>
> Right.  However, if you hand the team of white hats and the team of
> black hats the same "Chatter has it there's a 0-day in Apache's
> mod_foo handler"....

Ok, now we're getting somewhere.

I'm asking the question:
If you find some bug in the normal course of your operations
(i.e. nobody told you where to look) how likely is it that
someone else has already found it?

And you're asking a question more like:
Given that you hear about a bug before its release, how likely
is it that some black hat already knows?

I think that the answer to the first question is probably
"fairly low". I agree that the answer to the second question is
probably "reasonably high".

-Ekr