The Zero Day Initiative
The Ponemon Institute’s “State of Endpoint Security Risk 2018” report has a number of interesting findings. Two of these findings stand out. First, 52% of respondents say that cyberattacks “cannot be realistically stopped.” Second, they state that zero-day attacks are four times more likely to compromise a target.
You know that saying that “it takes a village to raise a child”? Well, it takes a community to build a secure software product.
Zero-day vulnerabilities have met their match in the form of the Zero Day Initiative (ZDI). In this article, I’ll look at why we all need to work together to go from zero to security hero.
What is A Zero-Day Vulnerability and Why Is It Such a Big Deal?
Software vulnerabilities and issues like OS and software configuration flaws make us susceptible to a cyberattack. Software flaws give hackers a hook into a system: This we know. When someone talks about a “zero-day vulnerability,” what they mean is that the flaw is still fresh, untouched (or fixed/patched) — it’s like virgin snow. The vendor of the software product that contains the flaw has yet to fix it. This makes the flaw particularly attractive as far as a cybercriminal is concerned: To them, it is like an open door that has yet to be closed.
“Zero-day” literally means there have been zero days available to fix the vulnerability. It becomes a race against time — the hackers packaging zero-day exploits to take advantage of the flaw before a patch is released and users update their software.
Hackers generally find out about the existence of a zero-day vulnerability through a black market set up to sell data on the vulnerability to those who wish to exploit it.
Understanding what a zero-day vulnerability is explains why Trend Micro started the Zero (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Susan Morrow. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/m6HslNbGk8A/
