And yes, I have my opinion. I am curious about other opinions because I am extremely biased as a manager of a VDB.
@dakami Right, meaning 500 of the 10k may be silly RFI that get lost in the noise of the RFI scanners....
@attritionorg I wonder where you're going with this. Looking forward to finding out.
@dakami Taking extensive notes, and this is not a purely hypothetical by any means. Not sure if it will be a talk though. (it is reality)
@attritionorg One caveat, I strongly prefer one 0day that works reliably against everything vs. 10,000 0days that I have to precisely target
@dakami Even if say 300 of the 10k are in libraries that are used in 1000's of software packages, including the big vendors (e.g. Adobe)?
@attritionorg Man, it is *all* about the vectors. If there's some LibTIFF bug in a PHP install but I can't make it parse my img, no 0day
@dakami Right, so maybe 90% of apps don't parse, but 10% do. Translated in real world, how many apps *do*? What value then?
@attritionorg @dakami so what you're saying is most of it is all FUD or what? Trying to follow this train...
@xxDigiPxx FUD? absolutely not. Dan just picked up on an important distinction. Maybe not 100k apps vuln, maybe "only" 10k?