[71186] in North American Network Operators' Group
Re: AV/FW Adoption Sudies
daemon@ATHENA.MIT.EDU (Paul G)
Thu Jun 10 15:02:20 2004
From: "Paul G" <paul@rusko.us>
To: "EKR" <ekr@rtfm.com>
Cc: "'Nanog'" <nanog@merit.edu>
Date: Thu, 10 Jun 2004 14:55:37 -0400
Errors-To: owner-nanog-outgoing@merit.edu
----- Original Message -----
From: "Eric Rescorla" <ekr@rtfm.com>
> Paul G <paul@rusko.us> wrote:
>
> > ----- Original Message -----
> > From: "Eric Rescorla" <ekr@rtfm.com>
> >
> > -- snip ---
> >
> > > If we assume that the black hats aren't vastly more
> > > capable than the white hats, then it seems reasonable to believe that
> > > the probability of the black hats having found any particular
> > > vulnerability is also relatively small.
> >
> > and yet, some of the most damaging vulns were kept secret for months before
> > they got leaked and published. i won't pretend to have the answer, but fact
> > remains fact.
>
> I don't think that this contradicts what I was saying.
>
> My hypothesis is that the sets of bugs independently found by white
> hats and black hats are basically disjoint. So, you'd definitely
> expect that there were bugs found by the black hats and then used as
> zero-days and eventually leaked to the white hats. So, what you
> describe above is pretty much what one would expect.

there is a fair chance that the same bug will be found if several people
audit the same piece of code, such as a very widespread, high profile piece
of software. in fact, i know of at least one serious bug that was discovered
independently by two different groups of people. in general, however, what
you are saying makes complete sense.

paul