In the debate about publishing n-day PoCs, I’m not reading anyone debating what the value of n should be for fully working PoCs. I’ve personally published vuln details when patch was released, techniques in abstract, but waited over a year for working exploits. Seemed best to me.
-
Sorry I can't agree to a number on each of our personal perceptions w/o data :). There are ~1.34 gazillion malware samples a minute in VT, so I'd bet the number of those attempted installations via exploits is knowable and the lineage of that exploit code could be examined.
-
Hmmm. That seems odd, you can't agree that malware is more prevalent than exploitation? Even for the purpose of informal discussion?
