10 Jun
2004
10 Jun
'04
4:46 p.m.
On Thu, 10 Jun 2004 13:30:41 PDT, Eric Rescorla said:
[0] Note that this doesn't require that the chance of finding any particular bug upon inspection of the code be very low high, but merely that there not be very deep coverage of any particular code section.
Right. However, if you hand the team of white hats and the team of black hats the same "Chatter has it there's a 0-day in Apache's mod_foo handler".... Note that the rumored 0-day doesn't even have to exist - one has to wonder how many of the bugs found in Windows by all color hats were inspired by Allchin's comment under oath that there was an API flaw in Windows so severe that publishing the API could endanger national security.....