Reply to post: Re: Confusing.

Welcome to the 2020s: Booby-trapped Office files, NSA tipping off Windows cert-spoofing bugs, RDP flaws...

Michael Wojcik Silver badge

Re: Confusing.

Yes. This is sometimes known as an "exploit pool collision". There's a good (long) report from RAND from a couple of years ago on 0-days which discusses government 0-day hoarding at length, including disclosure strategies.

The value of an unpublished 0-day drops as more hoarders discover it (or learn about it through leaks, purchase it on the exploit market, etc). Eventually there's more value in getting it fixed.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020