Loading…
Zero days, thousands of nights : the life and times of zero-day vulnerabilities and their exploits /
Zero-day vulnerabilities--software vulnerabilities for which no patch or fix has been publicly released-- and their exploits are useful in cyber operations--whether by criminals, militaries, or governments--as well as in defensive and academic settings. This report provides findings from real-world...
| Call Number: | Libro Electrónico |
|---|---|
| Main Authors: | , |
| Format: | Electronic eBook |
| Language: | Inglés |
| Published: |
Santa Monica, California :
RAND,
[2017]
|
| Series: | Research report (Rand Corporation) ;
RR-1751-RC. |
| Subjects: | |
| Online Access: | Texto completo |
Table of Contents:
- Preface
- Figures and Tables
- Summary
- Acknowledgments
- 1. Introduction: Little Is Known About the Extent, Use, Benefit, or Harm of Zero-Day Exploits
- Should the U.S. Government Disclose Zero-Day Vulnerabilities?
- There Are Many Considerations That Stakeholders Want Addressed
- Research Questions and the Purpose of This Research
- Intended Audience for This Research
- Breaking Down the Zero-Day Space
- Data for This Research
- Methodology of Research and Data Collection
- Organization of This Report
- 2. More Discussion of Zero-Day Vulnerabilities: Nature of Zero-Day Vulnerabilities
- Exploit Development Basics and Considerations
- Exploit Development Cycle
- People in the Zero-Day Vulnerability Space
- Business Models
- 3. Analysis of the Data: 1. Life Status: Is the Vulnerability Really a Zero-Day? Is It Alive (Publicly Unknown) or Dead (Known to Others)?
- 2. Longevity: How Long Will the Vulnerability Remain Undiscovered and Undisclosed to the Public?
- 3. Collision Rate: What Is the Likelihood That Others Will Discover and Disclose the Vulnerability?
- 4. Cost: What Is the Cost to Develop an Exploit for the Vulnerability?
- 4. Conclusions and Implications
- APPENDIXES
- References.