Schmugar's results would likely be different if he looked solely at the 10 percent of vulnerabilities discovered in the wild. Then, I think he'd find the exploit Wednesday phenomenon more pronounced. There's a financial motive for those releasing zero-days to exploit them. That same financial motive doesn't exist amongst researchers dropping bugs on mailing lists, for example.