What they're actually studying (because it's what they can study) is not the date the flaws start being exploited in the wild, but the date they are discovered. In some cases, there are hints that a flaw was being used for quite some time before anyone found it.
It could well be that their conclusions are valid though - the window between a 0day being exploited in the wild, and anyone from the whitehat community noticing the fact, may be so long and random that one month more or less of exposure window barely registers to the bad guys...
It could well be that their conclusions are valid though - the window between a 0day being exploited in the wild, and anyone from the whitehat community noticing the fact, may be so long and random that one month more or less of exposure window barely registers to the bad guys...
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/newsbriefs/535/2008#2008