And yes, I have my opinion. I am curious about other opinions because I am extremely biased as a manager of a VDB.
@dakami Even if say 300 of the 10k are in libraries that are used in 1000's of software packages, including the big vendors (e.g. Adobe)?
@attritionorg Man, it is *all* about the vectors. If there's some LibTIFF bug in a PHP install but I can't make it parse my img, no 0day
@dakami Right, so maybe 90% of apps don't parse, but 10% do. Translated in real world, how many apps *do*? What value then?
@attritionorg @dakami so what you're saying is most of it is all FUD or what? Trying to follow this train...
@xxDigiPxx FUD? absolutely not. Dan just picked up on an important distinction. Maybe not 100k apps vuln, maybe "only" 10k?
@attritionorg Thanks. Was just wondering if it was a poke at "the sky is falling" mentality, or focus on true attack surface and real 0days.
@xxDigiPxx This is no poke, this is true sociology and perception of value of vulns. Asking twitter because I don't know.
@attritionorg If companies don't take it seriously, they only will when it costs them money or creates impact, so how do you "value" base it
@xxDigiPxx They may take it "seriously", but base decisions on scanners and VDBs.
@attritionorg @dakami red, blue & suits all more likely to take a working exploit more seriously than many vuln of unquantifiable risk/use
@kickfroggy @dakami Even if you can convert those 10k into working exploits with some coding skills?
@attritionorg @dakami can definitely vs can potentially get a working exploit changes how much time/effort/resources you're gambling with
@kickfroggy @dakami Assume you have a skilled exploit dev. Those 10k can be converted into exploits with varying degrees of time.
@attritionorg @dakami the faster a vuln can become a reliable exploit the more valuable it becomes...
@kickfroggy @dakami Say 10% of the 10k are < 10m to reliably exploit.