10 Jun
2004
10 Jun
'04
2:43 p.m.
----- Original Message ----- From: "Eric Rescorla" <ekr@rtfm.com> To: <Valdis.Kletnieks@vt.edu> Cc: "Sean Donelan" <sean@donelan.com>; "'Nanog'" <nanog@merit.edu> Sent: Thursday, June 10, 2004 2:37 PM Subject: Re: AV/FW Adoption Sudies -- snip ---
If we assume that the black hats aren't vastly more capable than the white hats, then it seems reasonable to believe that the probability of the black hats having found any particular vulnerability is also relatively small.
and yet, some of the most damaging vulns were kept secret for months before they got leaked and published. i won't pretend to have the answer, but fact remains fact. paul