Citation
Lillian Ablon & Timothy Bogart, Zero Days, Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits (RAND Corporation) (2017) (full-text).
Overview
This report explores a dataset of information about zero-day software vulnerabilities and exploits using novel applications of traditional statistical methods to reveal a number of insights about the industry and establish some initial metrics regarding the life status, longevity, and collision rates of zero-day vulnerabilities and their exploits. It also touches on the labor time required to create an exploit.
The results of this research provide findings from real-world, zero-day vulnerability and exploit data that could augment conventional proxy examples and expert opinion, complement current efforts to create a framework for deciding whether to disclose or retain a cache of zero-day vulnerabilities and exploits, and inform ongoing policy debates regarding stockpiling and vulnerability disclosure.