The End Of Vulnerabilities?

Discussion in 'other security issues & news' started by Hungry Man, Mar 18, 2012.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    http://www.darkreading.com/vulnerab...ent/232602714/the-end-of-vulnerabilities.html

    On a global scale, bugs are never going away, but in specific products, early evidence reveals that companies are having success in weeding out flaws

     
  2. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Until we invent AI which can examine code and define all possibly combinations to patch and exploit it, we are nowhere near the end of vulnerabilities and exploitation. With evolving dynamic code such as an OS etc, there will always be new ways to attack the system despite security measures. And I agree with 0 days going to the highest bidder. Governments want them as cyber weapons, criminals want them for malware. Those type of vulnerabilities will not be reported easily or buried altogether.
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I think that perfect code for any reasonably complex system such as an operating system is flat out impossible without new methods of coding.

    That said, due to techniques like ASLR and DEP programs can kind of "blanket bomb" exploits. The exploit might still be there but it's inaccessible because the code is not executable or because they can't find it in the address space.

    Will exploits ever go away forever? No. But I think we are really starting to see the cost of exploits for more common programs (browser, plugins like flash, reader, even the OS) really start to go up.

    So either we'll see new methods of exploitation, new areas of exploitation, or more social engineering components.
     
  4. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Oh no I agree with ASLR and DEP the cost of exploits by common means has been raised. (And that is a good thing!) Though yes I feel we will see new techniques in terms of exploitation. The rules may have been changed but the game never does. ;)
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Exactly, that's how I feel as well. When DEP came about we started seeing ROP, now we seen JIT Spray or Gen Shue or HOP exploitation. The attacks are getting more complicated but they aren't going away.
     
Loading...
Thread Status:
Not open for further replies.