Would you rather have 10 0-day, or 10,000 vulns that were technically public, but no VDB or vuln scanner knew about? Justify your answer.
@attritionorg What is the vendor response to the 10,000 known vulns? Patch available?
@gdbassett Not 10k vulns in *one* vendor. Say 10k vulns in 9k vendors for sake of argument.
@attritionorg then vendors' responses. 0'days are known security bypass. known vulns are 0'days that are less likely to work.
@gdbassett @attritionorg If vendors have issued patches, that decreases likelihood of vulns working further. being in vuln scanners ...
@gdbassett Now you get to one root of the question. Patch exists, but nothing detects it... do companies actually patch?
@attritionorg it's a question of their patch/config mgmt process. Assuming single target, highly target dependent.
@gdbassett Exactly. But safe to assume that maybe half get patch management right, if not less, right?