by fulafel 3518 days ago
So that's linking to a Forbes article that's paraphrasing this study from 2012: https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12...

It doesn't support your assertion but it's still interesting 2008-2010 data from an antivirus vendor. It's talking about how long some vulnerabilities were exploited by malware before getting disclosed, use in targeted attacks, and so on.

The study says that most vulnerabilities were being exploited before being disclosed.
I don't think it says that about the set of all vulnerabilities (IOW - citation needed!).

It does say "In this paper, we consider only exploits that have been used in real-world attacks before the corresponding vulnerabilities were disclosed" so it's unsurprising that in their dataset this is the case :)

Yeap, you're right, I misread. Here is a quote from the paper: "15% of these exploits were created before the disclosure of the corresponding vulnerability." So there's a lower bound.