Understanding the process of finding serious vulnerabilities - probdist
http://lcamtuf.blogspot.com/2015/08/understanding-process-of-finding.html

======
ufmace
It may not be that comprehensive yet, but I thought this was interesting:

> Only a small minority of serious vulnerabilities appear to be disclosed
> anywhere outside a vendor advisory, making it extremely dangerous to rely on
> press coverage (or any other casual source) for evaluating personal risk.

I've always had a feeling that the cycle of reading an article on publicized
security flaw X and then jumping in response to update or replace something
immediately was kinda pointless. Seems better to have a regular update
schedule and practice good defense in depth than to watch the tech media and
obsess over their reports.

------
jmnicolas
It's just a teaser with no results yet. I'd be really interested to read the
next article once he has compiled the answers.

~~~
FilterSweep
I must admit, he totally _got me_ with watch this space. Bookmarked for later.
I wonder how honest the security researchers will be? I'd also love to see the
same survey replicated with those who exploit the vulnerabilities they
find. Those may not be as honest.

~~~
vog
I also added their Atom feed to my RSS reader, and I'm curious whether some
interesting articles will come.

