Security flaws ‘undiscovered for years’

Security holes known as zero-day vulnerabilities can lie dormant for up to 10 years, a study has suggested.

And this means that hackers have plenty of time to develop sophisticated exploits for a range of software.

The study, from research organisation Rand, looked at 200 security flaws, 40% of which are not yet publicly known.

It comes as documents from Wikileaks suggest the CIA has collected a portfolio of zero-day vulnerabilities.

The study suggests:

  • 25% of vulnerabilities become publicly known within one and a half years
  • 25% remain undiscovered for more than nine and a half years
  • Vulnerabilities that are publicly known are often disclosed with a patch
  • Once a vulnerability is found, an exploit can be developed in an average of 22 days

Source: Security flaws ‘undiscovered for years’ – BBC News

