Cargando…
Zero days, thousands of nights : the life and times of zero-day vulnerabilities and their exploits /
Zero-day vulnerabilities--software vulnerabilities for which no patch or fix has been publicly released-- and their exploits are useful in cyber operations--whether by criminals, militaries, or governments--as well as in defensive and academic settings. This report provides findings from real-world...
| Clasificación: | Libro Electrónico |
|---|---|
| Autores principales: | , |
| Formato: | Electrónico eBook |
| Idioma: | Inglés |
| Publicado: |
Santa Monica, California :
RAND,
[2017]
|
| Colección: | Research report (Rand Corporation) ;
RR-1751-RC. |
| Temas: | |
| Acceso en línea: | Texto completo |
MARC
| LEADER | 00000cam a2200000Ii 4500 | ||
|---|---|---|---|
| 001 | EBSCO_ocn976431100 | ||
| 003 | OCoLC | ||
| 005 | 20231017213018.0 | ||
| 006 | m o d | ||
| 007 | cr ||||||||||| | ||
| 008 | 170320s2017 caua ob 000 0 eng d | ||
| 040 | |a DOS |b eng |e rda |e pn |c DOS |d DOS |d OCLCF |d MERUC |d EBLCP |d YDX |d N$T |d OCLCQ |d OCLCA |d N$T |d AGLDB |d IGB |d CN8ML |d SNK |d INTCL |d MHW |d BTN |d AUW |d WRM |d OCLCQ |d VTS |d DEBBG |d OCLCQ |d INT |d D6H |d OCLCQ |d G3B |d LVT |d S8I |d S8J |d S9I |d STF |d OCLCQ |d OCLCO |d OCLCQ |d OCLCO | ||
| 019 | |a 981649502 |a 981897291 |a 982010997 | ||
| 020 | |a 9780833097781 |q (electronic bk.) | ||
| 020 | |a 0833097784 |q (electronic bk.) | ||
| 020 | |z 9780833097613 | ||
| 020 | |z 083309761X | ||
| 029 | 1 | |a CHNEW |b 000953100 | |
| 029 | 1 | |a CHVBK |b 484641395 | |
| 035 | |a (OCoLC)976431100 |z (OCoLC)981649502 |z (OCoLC)981897291 |z (OCoLC)982010997 | ||
| 043 | |a n-us--- | ||
| 050 | 4 | |a QA76.76.C68 |b A25 2017eb online | |
| 072 | 7 | |a COM |x 015000 |2 bisacsh | |
| 072 | 7 | |a COM |x 053000 |2 bisacsh | |
| 082 | 0 | 4 | |a 005.84 |2 23 |
| 049 | |a UAMI | ||
| 100 | 1 | |a Ablon, Lillian, |e author. | |
| 245 | 1 | 0 | |a Zero days, thousands of nights : |b the life and times of zero-day vulnerabilities and their exploits / |c Lillian Ablon, Andy Bogart. |
| 264 | 1 | |a Santa Monica, California : |b RAND, |c [2017] | |
| 264 | 4 | |c ©2017 | |
| 300 | |a 1 online resource (xvii, 114 pages) : |b color illustrations | ||
| 336 | |a text |b txt |2 rdacontent | ||
| 337 | |a computer |b c |2 rdamedia | ||
| 338 | |a online resource |b cr |2 rdacarrier | ||
| 490 | 1 | |a Research report ; |v RR-1751-RC | |
| 588 | 0 | |a Online resource; title from PDF title page (EBSCO, viewed January 16, 2018). | |
| 500 | |a "March 15, 2017"--Table of contents page. | ||
| 504 | |a Includes bibliographical references. | ||
| 505 | 0 | 0 | |t Preface -- |t Figures and Tables -- |t Summary -- |t Acknowledgments -- |g 1. |t Introduction: |t Little Is Known About the Extent, Use, Benefit, or Harm of Zero-Day Exploits -- |t Should the U.S. Government Disclose Zero-Day Vulnerabilities? -- |t There Are Many Considerations That Stakeholders Want Addressed -- |t Research Questions and the Purpose of This Research -- |t Intended Audience for This Research -- |t Breaking Down the Zero-Day Space -- |t Data for This Research -- |t Methodology of Research and Data Collection -- |t Organization of This Report -- |g 2. |t More Discussion of Zero-Day Vulnerabilities: |t Nature of Zero-Day Vulnerabilities -- |t Exploit Development Basics and Considerations -- |t Exploit Development Cycle -- |t People in the Zero-Day Vulnerability Space -- |t Business Models -- |g 3. |t Analysis of the Data: |g 1. |t Life Status: Is the Vulnerability Really a Zero-Day? Is It Alive (Publicly Unknown) or Dead (Known to Others)? -- |g 2. |t Longevity: How Long Will the Vulnerability Remain Undiscovered and Undisclosed to the Public? -- |g 3. |t Collision Rate: What Is the Likelihood That Others Will Discover and Disclose the Vulnerability? -- |g 4. |t Cost: What Is the Cost to Develop an Exploit for the Vulnerability? -- |g 4. |t Conclusions and Implications -- |t APPENDIXES -- |t References. |
| 520 | |a Zero-day vulnerabilities--software vulnerabilities for which no patch or fix has been publicly released-- and their exploits are useful in cyber operations--whether by criminals, militaries, or governments--as well as in defensive and academic settings. This report provides findings from real-world zero-day vulnerability and exploit data that could augment conventional proxy examples and expert opinion, complement current efforts to create a framework for deciding whether to disclose or retain a cache of zero-day vulnerabilities and exploits, inform ongoing policy debates regarding stockpiling and vulnerability disclosure, and add extra context for those examining the implications and resulting liability of attacks and data breaches for U.S. consumers, companies, insurers, and for the civil justice system broadly. The authors provide insights about the zero-day vulnerability research and exploit development industry; give information on what proportion of zero-day vulnerabilities are alive (undisclosed), dead (known), or somewhere in between; and establish some baseline metrics regarding the average lifespan of zero-day vulnerabilities, the likelihood of another party discovering a vulnerability within a given time period, and the time and costs involved in developing an exploit for a zero-day vulnerability"--Publisher's description. | ||
| 590 | |a eBooks on EBSCOhost |b EBSCO eBook Subscription Academic Collection - Worldwide | ||
| 650 | 0 | |a Computer viruses |z United States |x Prevention |y 21st century. | |
| 650 | 0 | |a Computer networks |x Security measures |z United States |y 21st century. | |
| 650 | 0 | |a Internet |x Security measures |z United States |y 21st century. | |
| 650 | 0 | |a Computers |x Access control |z United States |y 21st century. | |
| 650 | 0 | |a Computer crimes |z United States |x Prevention |y 21st century. | |
| 650 | 0 | |a Computer security |z United States |y 21st century. | |
| 650 | 6 | |a Réseaux d'ordinateurs |x Sécurité |x Mesures |z États-Unis |y 21e siècle. | |
| 650 | 6 | |a Internet |x Sécurité |x Mesures |z États-Unis |y 21e siècle. | |
| 650 | 6 | |a Ordinateurs |x Accès |x Contrôle |z États-Unis |y 21e siècle. | |
| 650 | 6 | |a Sécurité informatique |z États-Unis |y 21e siècle. | |
| 650 | 7 | |a COMPUTERS |x Security |x Viruses & Malware. |2 bisacsh | |
| 650 | 7 | |a COMPUTERS |x Security |x General. |2 bisacsh | |
| 650 | 7 | |a Computer crimes |x Prevention |2 fast | |
| 650 | 7 | |a Computer networks |x Security measures |2 fast | |
| 650 | 7 | |a Computer security |2 fast | |
| 650 | 7 | |a Computer viruses |x Prevention |2 fast | |
| 650 | 7 | |a Computers |x Access control |2 fast | |
| 650 | 7 | |a Internet |x Security measures |2 fast | |
| 651 | 7 | |a United States |2 fast | |
| 648 | 7 | |a 2000-2099 |2 fast | |
| 700 | 1 | |a Bogart, Andy, |e author. | |
| 710 | 2 | |a Institute for Civil Justice (U.S.), |e issuing body. | |
| 830 | 0 | |a Research report (Rand Corporation) ; |v RR-1751-RC. | |
| 856 | 4 | 0 | |u https://ebsco.uam.elogim.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1496778 |z Texto completo |
| 938 | |a EBL - Ebook Library |b EBLB |n EBL4834073 | ||
| 938 | |a EBSCOhost |b EBSC |n 1496778 | ||
| 938 | |a YBP Library Services |b YANK |n 13953256 | ||
| 994 | |a 92 |b IZTAP | ||