This is an incredible resource for anyone looking into zeroday exploits and I'm happy to say that I helped with ithttp://www.rand.org/pubs/research_reports/RR1751.html …
-
-
Exploit buyers overwhelmingly purchase in response to direct, operational needs.pic.twitter.com/UNGL8wnC0K
-
Crowdsourcing vulns is insufficient. Strategic guidance on architecture, mitigations is essential for good defense.pic.twitter.com/MqEnhZdPw0
-
"Offensively focused researchers employ different methods of finding bugs than defensively focused ones." Hire a red team!pic.twitter.com/E4VkYMXEnf
-
Selecting the RIGHT vulnerability appears to be the most time consuming part of exploit development.pic.twitter.com/yZ63tjrCQ8
-
As an exploit developer, you're having a GREAT year if you ship 4 exploits.pic.twitter.com/iOKN5qpT53
-
-
Bounties have little overlap w exploit development. Not in skill required, techniques developed, or bugs discovered.https://twitter.com/withzombies/status/839870870545850368 …
-
Extraordinarily few people are capable of professional exploit development, an order of magnitude less than the number of bug bounty hunterspic.twitter.com/G1rD45w0xz
-
To those dismissing this RAND report: Ignore it at your own peril. This is the best data ever released on real exploit development, period.
- 7 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.