News Web Server Security Phishing Database Security Application Server Security Library Vulnerability Archive Secure Development Web Services Pen Test AJAX Application Firewalls
Main -> Internet Security News
TOPIC'S
Advertising
Old News
About
Resume
Contact
FAQ
Irc
Links
Articles
Translate
Interviews
Commentary
Books
Demos
Papers
Downloads
Advisories
Contributions
Security Services
Submit News
Syndicated News


Hosting generously provided by
www.mv.com




Pick Your Language


Average zero-day bug has 348-day lifespan, exec says
Posted 07/9/07 by Robert

"The average zero-day (0day) bug has a lifespan of 348 days before it is discovered or patched, and some vulnerabilities live on for much longer, according to security vendor Immunity Inc.'s chief executive officer.

Zero-day bugs are vulnerabilities that have not been patched or made public. When discovered and not disclosed, these bugs can be used by hackers and criminals to break into corporate systems to steal or change data. As a result, there is a thriving market for zero-day bugs.

"Huge amounts of money are being offering to zero-day discoverers for their zero-days," said Justine Aitel, Immunity's CEO, speaking in Singapore at the SyScan '07 security conference.

Immunity, which buys but does not disclose zero-day bugs, keeps tabs on how long the bugs it buys last before they are made public or patched. While the average bug has a lifespan of 348 days, the shortest-lived bugs are made public in 99 days. Those with the longest lifespan remain undetected for 1,080 days, or nearly three years, Aitel said.

"Bugs die when they go public, and they die when they get patched," she said. "

Article Link: http://www.computerworld.com/action/article.do?command...
Link to this Story: Average zero-day bug has 348-day lifespan, exec says
Link: Have a Site Suggestion, Material Request, or News? Submit it!
News RSS Feed: Web Security news RSS Feed
Discuss this article    Find Related Stories



External Links:
Copyright 2000-2007 Cgisecurity.com.
Providing Web Security news since 2000.
Information contained on this website may not be copied without explicit permission.
Best Viewed with Netscape.
Website Security Web Application Security solid state drives ebay cd players camera lens deals buy macbook air not work safe software security canon camera deals


Popular Links By Subject

Sponsored Link (Advertise)


Subscribe to CGISecurity.com



The Web Security Mailing List
  • [WEB SECURITY] Re: [Webappsec] Comparisons of Web Application Firewalls
  • RE: [WEB SECURITY] [Off Topic] Judge Orders YouTube to Give All User Histories to Viacom
  • RE: [WEB SECURITY] Re: [Webappsec] Comparisons of Web Application Firewalls
  • Re: [WEB SECURITY] [Off Topic] Judge Orders YouTube to Give All User Histories to Viacom
  • Re: [WEB SECURITY] Re: [Webappsec] Comparisons of Web Application Firewalls
  • Re: [WEB SECURITY] Re: [Webappsec] Comparisons of Web Application Firewalls
  • RE: [WEB SECURITY] Re: [Webappsec] Comparisons of Web Application Firewalls
  • Re: [WEB SECURITY] Re: [Webappsec] Comparisons of Web Application Firewalls
  • Re: [WEB SECURITY] Re: [Webappsec] Comparisons of Web Application Firewalls
  • [WEB SECURITY] Announcing WAFReviews.com

    • Contact us
    Post News, get linkage!

    Name

    Email or Homepage:

    Subject

    Finish the word below: deadb33f

    Body