Dailydave mailing list archives

Re: The strategic difference of 0day

From: Robert Lemos <lists () robertlemos com>
Date: Wed, 15 Jun 2011 08:29:46 -0400

On Jun 14, 2011, at 5:08 PM, Dave Aitel wrote:

And you find yourself asking: Now how can that possibly be the case?


$2 billion (or whatever) spent on software security?

As you know, it doesn't mean that they are not there, just that Microsoft has made the ROI for vulnerability 
researchers too small to justify spending an increasing amount of time on finding vulnerabilities. Although, I could 
have sworn there was a remote on a security appliance or two in the past two years.

Of course, I think you need to expand your definition of remote these days. How is social engineering + client exploit 
not greater than or equal to a remote server vulnerability from a functional level? The former gets you inside the 
firewall, the latter -- not necessarily.

-R

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave

Current thread:

The strategic difference of 0day Dave Aitel (Jun 14)
- Re: The strategic difference of 0day Anton Chuvakin (Jun 14)
  - Re: The strategic difference of 0day Rafal Los (Jun 15)
    - Re: The strategic difference of 0day Andre Gironda (Jun 15)
  - Re: The strategic difference of 0day security curmudgeon (Jun 15)
- Re: The strategic difference of 0day Robert Lemos (Jun 15)