Security News > 2020 > November > The effectiveness of vulnerability disclosure and exploit development
New research into what happens after a new software vulnerability is discovered provides an unprecedented window into the outcomes and effectiveness of responsible vulnerability disclosure and exploit development.
The analysis of 473 publicly exploited vulnerabilities challenges long-held assumptions of the security space - namely, disclosure of exploits before a patch is available does not create a sense of urgency among companies to fix the problem.
At the heart of the vulnerability disclosure practice is a mix of competing incentives for software publishers, IT teams, and the independent security researchers that find software vulnerabilities.
When a vulnerability is found, researchers disclose its existence and the relevant code they used to exploit the application.
About 7% of vulnerabilities are exploited before a CVE is published, a patch is available, and exploit code is released.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/vPnarAaH-sE/
Related news
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners (source)
- CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability (source)
- Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability (source)