The effectiveness of vulnerability disclosure and exploit development

2020-11-19 06:00

New research into what happens after a new software vulnerability is discovered provides an unprecedented window into the outcomes and effectiveness of responsible vulnerability disclosure and exploit development.

The analysis of 473 publicly exploited vulnerabilities challenges long-held assumptions of the security space - namely, disclosure of exploits before a patch is available does not create a sense of urgency among companies to fix the problem.

At the heart of the vulnerability disclosure practice is a mix of competing incentives for software publishers, IT teams, and the independent security researchers that find software vulnerabilities.

When a vulnerability is found, researchers disclose its existence and the relevant code they used to exploit the application.

About 7% of vulnerabilities are exploited before a CVE is published, a patch is available, and exploit code is released.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/vPnarAaH-sE/

#development #disclosure #exploit #vulnerability

News URL

Related news