Impressed by the new ZeroDayClock effort/collective/call highlighting that the window between vuln and exploit now must be assumed as t=0.
The call to action is solid, though sadly nothing terribly new. Secure by design, adapt policies and practices. Liability, eradicate classes of vulns.
Very much reminds me of @joshcorman's idea of "HD Moore's Law" @hdm. Cybersecurity has come far in 15 (!) years--think of how normalized CVD is--but not nearly far enough. And the above piece neatly frames that this isn't an infosec problem, it's a cross-sector ecosystem problem.
https://blog.cognitivedissidents.com/2011/11/01/intro-to-hdmoores-law/
-
@allanfriedman it’s wild the exploit rate hovers around 1% all this time
-
@joshbressers @allanfriedman though the number of CVEs grew considerably over that same time
-
@douglevin @allanfriedman a lot of the CVE growth has been from a small number of CNAs. I would have expected the number explored to drop