Re: AV/FW Adoption Sudies

["Paul G" <paul () rusko us>]

----- Original Message ----- 
From: "Eric Rescorla" <ekr () rtfm com>


> Paul G <paul () rusko us> wrote:
>
> > ----- Original Message ----- 
> > From: "Eric Rescorla" <ekr () rtfm com>
> >
> > -- snip ---
> >
> > > If we assume that the black hats aren't vastly more
> > > capable than the white hats, then it seems reasonable to believe that
> > > the probability of the black hats having found any particular
> > > vulnerability is also relatively small.
> >
> > and yet, some of the most damaging vulns were kept secret for months
before
> > they got leaked and published. i won't pretend to have the answer, but
fact
> > remains fact.
>
> I don't think that this contradicts what I was saying.
>
> My hypothesis is that the sets of bugs independently found by white
> hats and black hats are basically disjoint. So, you'd definitely
> expect that there were bugs found by the black hats and then used as
> zero-days and eventually leaked to the white hats. So, what you
> describe above is pretty much what one would expect.

there is a fair chance that the same bug will be found if several people
audit the same piece of code, such as a very widespread, high profile piece
of software. in fact, i know of at least one serious bug that was discovered
independently by two different groups of people. in general, however, what
you are saying makes complete sense.

paul