Dailydave mailing list archives
Re: Exploits matter.
From: Matt Olney <molney () sourcefire com>
Date: Thu, 8 Oct 2009 21:26:22 -0400
OK...exploits are hard to develop. But that doesn't make defense easier. In fact, I would anticipate it making it much, much harder. As the bar raises, the organizations that can field the kind of expertise that can correctly interpret the impact of various vulnerabilities will shrink. Many of those remaining (certainly not all) will have a significant motivation not to share their information (gov/mil/ngo/criminal). This will make the problem of evaluating and prioritizing patching even more of an issue. I would also think that this might shift more of the burden to software vendors, as an increasing percentage of disclosures will come in the form of "in-the-wild" 0-day. Users are then at the mercy of software vendors to quickly and accurately patch issues. I think its clear from the behavior of several vendors over the past year that we have a long way to go in improving that response. In some cases, a very long way. Matt On Thu, Oct 8, 2009 at 8:51 PM, Fuzzy Hoodie-Monster <mr.monkey () gmail com> wrote:
On Wed, Oct 7, 2009 at 6:24 AM, Matt Olney <molney () sourcefire com> wrote:Or, as I often put it, defense sucks.Except that Dave started this thread by saying how much harder it was to develop this exploit than in the old days.
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Exploits matter. dave (Oct 06)
- Re: Exploits matter. dan (Oct 07)
- Re: Exploits matter. dave (Oct 07)
- Re: Exploits matter. Matt Olney (Oct 07)
- Re: Exploits matter. Fuzzy Hoodie-Monster (Oct 08)
- Re: Exploits matter. Matt Olney (Oct 09)
- Re: Exploits matter. dave (Oct 07)
- Re: Exploits matter. Tom Parker (Oct 07)
- Re: Exploits matter. security curmudgeon (Oct 07)
- Re: Exploits matter. c0lists (Oct 07)
- Re: Exploits matter. security curmudgeon (Oct 07)
- Re: Exploits matter. c0lists (Oct 07)
- Re: Exploits matter. Matthew Wollenweber (Oct 08)
- Re: Exploits matter. dan (Oct 07)
- Message not available
- Re: Exploits matter. security curmudgeon (Oct 22)
- Message not available
- Re: Exploits matter. security curmudgeon (Oct 08)
- Message not available
- Re: Exploits matter. security curmudgeon (Oct 08)
- Re: Exploits matter. Tom Parker (Oct 08)