Re: Can somebody explain these ransomware attacks?

Finding vulnerabilities and how to exploit them to run malware
in closed source code is nigh on impossible.
Anyone can read open source code.

What is possible is to analyze patches to figure out what was fixed
and then to attack those that didn't apply the patches.

Even easier is old releases. Patches often have more than one fix,
but a patch for an old release is almost guaranteed to be a fix
for a single vulnerability. That makes it easier to analyze.

Regards,
Jakob.

I'm not entirely sure if I understood this statement right.

Of course you are aware that every closed source project is breached
by bored hobbyists given the slightest motivation. Ref: pwn2own or
entirety of infosec history.
We have no historic knowledge of how to build software that is robust
enough to withstand an attack from someone motivated by boredom. We
have a lot of finger pointing about 'code it right' and a lot of
religious rituals which somehow are needed for infosec to succeed, and
it still never does.

Now let's assume there are some better motivations than boredom, and
we must assume the quality of attacks is higher than what we see in
things like pwn2own.

How many dollars must the defender use per dollar used by the
attacker? And is this leverage difference higher than the cost of
realised risk?

Finding vulnerabilities and how to exploit them to run malware
in closed source code is nigh on impossible.

which explains why it never happens </snark>

randy