While Apple has grabbed headlines of late for discovering zero-days, today’s columnist, Ed Bellis of Kenna Security, says true zero-days are rare. Bellis says the vast majority of vulnerabilities are patched before CVE publication. However, in the rare case when exploits predate the availability of a patch, attackers get a 47-day head start – and that’s something security teams need to focus on.

Common sense tells us that when code used to exploit vulnerabilities becomes publicly available, somebody will use it for an attack.

New research from Kenna Security and the Cyentia Institute tells us the exact impact the public release of such code has on corporate security and attacker momentum – especially in the relatively rare instances where the release of exploit code predates a patch. When this happens, attackers get a 47-day head start against the security teams defending against them.
