Publishing exploit code does more harm than good, says report
Disclosing exploit code before patches are available gives malicious actors a ‘massive’ head-start, says Kenna Security
Published: 13 May 2021 13:12
Cyber security researchers and ethical hackers may wish to consider easing off on publicly disclosing vulnerability exploit code before patches have been made available, because doing so gives malicious actors a “clear and unequivocal” advantage, according to new data crunched by vulnerability management specialist Kenna Security and Cyentia Institute.
In the research study, Prioritisation to prediction, volume 7: establishing defender advantage, Kenna said that in about one-third of cases, it had found that ethical hackers – whom the industry relies on to some extent to identify new vulnerabilities and write proof-of-concept exploit code – made their code publicly available before the patch.