A white paper released by cybersecurity company Trend Micro highlights the ongoing risks associated with known and fixed zero-day vulnerabilities. While most attention is focused on the initial notoriety of these flaws, the risks span a range of issues, including patch testing, lag time in OEM adoption, and end-user update problems. The paper revealed that over one-third of the zero-day vulnerabilities exploited in 2022 were actually variants of previously patched vulnerabilities that vendors had not fully fixed. To counter these risks, the paper proposed initiatives including greater transparency from vendors and governments about vulnerability exploitation and patch adoption, attention to friction points throughout the vulnerability lifecycle, and modern secure software development practices. The paper also argued for the protection of good-faith security researchers, who make significant contributions to security through their efforts to find vulnerabilities before attackers can exploit them.