Would you rather have 10 0-day, or 10,000 vulns that were technically public, but no VDB or vuln scanner knew about? Justify your answer.
@gdbassett Not 10k vulns in *one* vendor. Say 10k vulns in 9k vendors for sake of argument.
@attritionorg then vendors' responses. 0'days are known security bypass. known vulns are 0'days that are less likely to work.
@gdbassett @attritionorg If vendors have issued patches, that decreases likelihood of vulns working further. being in vuln scanners ...
@gdbassett Now you get to one root of the question. Patch exists, but nothing detects it... do companies actually patch?
@attritionorg it's a question of their patch/config mgmt process. Assuming single target, highly target dependent.
@gdbassett Exactly. But safe to assume that maybe half get patch management right, if not less, right?