Completed
Our findings can help inform the retain vs. disclose discussions
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Zero Days, Thousands of Nights - The Life & Times of Zero-Day Vulnerabilities and Their Exploits
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 The decision calculus is complicated
- 3 We focus on characteristics of the vulnerabilities
- 4 Various groups search for vulnerabilities
- 5 BUSBY finds zero-day vulnerabilities, and develops exploits for them
- 6 Data stats: three main types of vulnerabilities
- 7 Vulnerability Sub-Type: Memory Corruption
- 8 Vulnerability Sub-Type: Memory Mismanagement
- 9 Vulnerability Sub-Type: Logic
- 10 Data stats: number of vulnerabilities per source code type
- 11 Data stats: number of vulnerabilities found and exploited, by vendor
- 12 Some other observations about the data
- 13 Exploit development time is relatively short
- 14 Mitigations have affected exploitability (e.g., heap vs stack overflow)
- 15 Exploit development career lengths vary
- 16 There are some caveats to our research
- 17 Life Status
- 18 About 1 in 6 of the alive are immortal
- 19 Patches killed most of the dead
- 20 Code revisions created a bunch of code refactored "zombies"
- 21 Longevity
- 22 We plotted the survival probability of our data
- 23 Average life expectancy is nearly 7 years
- 24 Do certain characteristics indicate a long or short life?
- 25 Does life expectancy or survival probability change over time?
- 26 Collision Rate
- 27 Clarity about time intervals is important
- 28 Implications and recommendations of findings
- 29 Our findings can help inform the retain vs. disclose discussions
- 30 Zero-days affect many sectors, and raise policy questions
- 31 Key findings