Cargando…
Zero days, thousands of nights : the life and times of zero-day vulnerabilities and their exploits /
Zero-day vulnerabilities--software vulnerabilities for which no patch or fix has been publicly released-- and their exploits are useful in cyber operations--whether by criminals, militaries, or governments--as well as in defensive and academic settings. This report provides findings from real-world...
| Clasificación: | Libro Electrónico |
|---|---|
| Autores principales: | , |
| Formato: | Electrónico eBook |
| Idioma: | Inglés |
| Publicado: |
Santa Monica, California :
RAND,
[2017]
|
| Colección: | Research report (Rand Corporation) ;
RR-1751-RC. |
| Temas: | |
| Acceso en línea: | Texto completo |
Tabla de Contenidos:
- Preface
- Figures and Tables
- Summary
- Acknowledgments
- 1. Introduction: Little Is Known About the Extent, Use, Benefit, or Harm of Zero-Day Exploits
- Should the U.S. Government Disclose Zero-Day Vulnerabilities?
- There Are Many Considerations That Stakeholders Want Addressed
- Research Questions and the Purpose of This Research
- Intended Audience for This Research
- Breaking Down the Zero-Day Space
- Data for This Research
- Methodology of Research and Data Collection
- Organization of This Report
- 2. More Discussion of Zero-Day Vulnerabilities: Nature of Zero-Day Vulnerabilities
- Exploit Development Basics and Considerations
- Exploit Development Cycle
- People in the Zero-Day Vulnerability Space
- Business Models
- 3. Analysis of the Data: 1. Life Status: Is the Vulnerability Really a Zero-Day? Is It Alive (Publicly Unknown) or Dead (Known to Others)?
- 2. Longevity: How Long Will the Vulnerability Remain Undiscovered and Undisclosed to the Public?
- 3. Collision Rate: What Is the Likelihood That Others Will Discover and Disclose the Vulnerability?
- 4. Cost: What Is the Cost to Develop an Exploit for the Vulnerability?
- 4. Conclusions and Implications
- APPENDIXES
- References.