Less Than Zero, Part One By Alan Shimel, StillSecure

A StillSecure approach to vulnerabilities, exploits, patches, and security

The security industry and trade press have directed a lot of attention toward the "Zero-day attack," promoting it as THE threat to guard against. According to the marketing hype, the Zero-Day attack is the one that you should most fear, so you must put in place measures (i.e., buy stuff) to defend your organization from it.

The Zero-Day threat is born the moment a vulnerability is publicly announced or acknowledged. But what about the period of time that the threat existed before being announced. At StillSecure we call this class "Less-Than-Zero" threat. In this two-part series I'll examine this Less-Than-Zero threat, compare it to the Zero-Day threat, and discuss ways to protect yourself from Less-Than-Zero attacks and vulnerabilities for which patches, signatures, etc. do not yet exist.