When exploit code precedes a patch, attackers gain a massive head start
2021-05-14 03:30

The research found that when exploit code disclosure precedes a patch, attackers gain a 98-day advantage over defenders: for more than three months, attackers deploy the exploit against more assets than defenders are able to mitigate.

The release of exploit code also drives a massive volume of exploits.

Just 1.3 percent of vulnerabilities have both been exploited in the wild and have publicly available exploit code.

"When exploit code is integrated into hacking tools - both legitimate and malicious - it becomes faster and cheaper to find and exploit security weaknesses."

Exploit code disclosure benefits attackers more than defenders.

"Very little objective research has been done on both the potential benefits and harm caused by well-intentioned security researchers releasing weaponized exploit code. The data provides clear guidance to the security community: publicly sharing exploit code benefits attackers more than defenders."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/VK8eLEJWtP0/