[71185] in North American Network Operators' Group


Re: AV/FW Adoption Studies

daemon@ATHENA.MIT.EDU (Eric Rescorla)
Thu Jun 10 14:57:36 2004

To: "Paul G" <paul@rusko.us>
Cc: "'Nanog'" <nanog@merit.edu>
Reply-To: EKR <ekr@rtfm.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 10 Jun 2004 11:54:31 -0700
In-Reply-To: <023201c44f1a$c23c1d00$2497c044@rusko> (Paul G.'s message of
 "Thu, 10 Jun 2004 14:43:01 -0400")
Errors-To: owner-nanog-outgoing@merit.edu


Paul G <paul@rusko.us> wrote:

> ----- Original Message ----- 
> From: "Eric Rescorla" <ekr@rtfm.com>
> To: <Valdis.Kletnieks@vt.edu>
> Cc: "Sean Donelan" <sean@donelan.com>; "'Nanog'" <nanog@merit.edu>
> Sent: Thursday, June 10, 2004 2:37 PM
> Subject: Re: AV/FW Adoption Studies
> 
> -- snip ---
> 
> > If we assume that the black hats aren't vastly more
> > capable than the white hats, then it seems reasonable to believe that
> > the probability of the black hats having found any particular
> > vulnerability is also relatively small.
> 
> and yet, some of the most damaging vulns were kept secret for months before
> they got leaked and published. i won't pretend to have the answer, but fact
> remains fact.

I don't think that this contradicts what I was saying.

My hypothesis is that the sets of bugs independently found by white
hats and black hats are basically disjoint. So, you'd definitely
expect that there were bugs found by the black hats and then used as
zero-days and eventually leaked to the white hats. So, what you
describe above is pretty much what one would expect.

-Ekr
