It may not be that comprehensive yet, but I thought this was interesting:
> Only a small minority of serious vulnerabilities appear to be disclosed anywhere outside a vendor advisory, making it extremely dangerous to rely on press coverage (or any other casual source) for evaluating personal risk.
I've always had a feeling that the cycle of reading an article on publicized security flaw X and then jumping in response to update or replace something immediately was kinda pointless. Seems better to have a regular update schedule and practice good defense in depth than to watch the tech media and obsess over their reports.
I must admit, he totally got me with "watch this space." Bookmarked for later. I wonder how honest the security researchers will be?
I'd also love to see the same survey replicated with those who exploit the vulnerabilities they find... Those may not be as honest.