Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Security

Submission + - Hackers' 'Zero-Day' Exploits Stay Secret For Ten Months On Average (forbes.com)

Sparrowvsrevolution writes: Maybe instead of zero day vulnerabilities, we should call them -312 day vulnerabilities. That's how long it takes on average for software vendors to become aware of new vulnerabilities in their software after hackers begin to exploit them, according to a study presented by Symantec at an Association of Computing Machinery conference in Raleigh, NC this week.

The researchers used data collected from 11 million PCs to correlate a catalogue of zero-day attacks with malware signatures taken from those machines. Using that retrospective analysis, they found 18 attacks that represented zero-day exploits between February 2008 and March of 2010, seven of which weren't previously known to have been zero-days. And most disturbingly, they found that those attacks continued more than 10 months on average–up to 2.5 years in some cases–before the security community became aware of them. “In fact, 60% of the zero-day vulnerabilities we identify in our study were not known before, which suggests that there are many more zero-day attacks than previously thought—perhaps more than twice as many,” the researchers write.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Hackers' 'Zero-Day' Exploits Stay Secret For Ten Months On Average

Comments Filter:

Nearly every complex solution to a programming problem that I have looked at carefully has turned out to be wrong. -- Brent Welch

Working...