[Dailydave] Remote language detection
Steven M. Christey
coley at mitre.org
Thu Dec 7 17:27:51 EST 2006
>There's been a commoditization of known vulnerabilities. I don't think
>it will be that long from now where a penetration testing service that
>does not offer 0day testing will be completely devalued. Essentially
>this is where penetration testing is already, since most of what you
>do in a test is web-based which is essentially 0day testing.
If so, then this could be a worrisome trend if professionals keep
off-the-shelf 0days for a competitive advantage instead of notifying
the vendors and working on a fix. Obviously location-specific custom
software does not apply here.
I think something similar to that happened in the early days of
vulnerability scanners.
- Steve
More information about the Dailydave
mailing list