
New research into what happens after a new software vulnerability is discovered provides an unprecedented window into the outcomes and effectiveness of responsible vulnerability disclosure and exploit development.
The analysis of 473 publicly exploited vulnerabilities challenges a long-held assumption of the security field: that disclosing an exploit before a patch is available creates a sense of urgency among companies to fix the problem. The data does not support that assumption.
At the heart of the vulnerability disclosure practice is a mix of competing incentives for software publishers, IT teams, and the independent security researchers who find software vulnerabilities.
When a vulnerability is found, researchers disclose its existence and the relevant code they used to exploit the application.
About 7% of vulnerabilities are exploited before a CVE is published, a patch is available, and exploit code is released.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/vPnarAaH-sE/