NOW READ THIS
("Security Advisory")



Submitted by: Bill Hickey
NCVA List Master

NRT-0243 Average zero-day bug has 348-day lifespan:


Research by one security firm indicates that, on average, a zero-day bug that is not disclosed publicly has a lifespan of 348 days before it is discovered or patched, and some vulnerabilities live for much longer. US-based security firm Immunity, which buys, but does not disclose, zero-day bugs, keeps tabs on how long the bugs it buys last before they are made public or patched. While the average bug has a lifespan of 348 days, the shortest-lived bugs are made public in 99 days. Those with the longest lifespans remained undetected for as long as 1,080 days, or nearly THREE YEARS, said Justine Aitel, chief executive officer of Immunity.

(ComputerWorld.com 09JUL07)



Last Modified: Tuesday, 31-Jul-2007 21:39:26 EDT