Holdings: Zero days, thousands of nights :

Zero days, thousands of nights :: the life and times of zero-day vulnerabilities and their exploits /

Zero-day vulnerabilities--software vulnerabilities for which no patch or fix has been publicly released-- and their exploits are useful in cyber operations--whether by criminals, militaries, or governments--as well as in defensive and academic settings. This report provides findings from real-world...

Full description

Saved in:

Bibliographic Details
Main Authors:	Ablon, Lillian (Author), Bogart, Andy (Author)
Format:	Electronic eBook
Language:	English
Published:	Santa Monica, California : RAND, [2017]
Series:	Research report (Rand Corporation) ; RR-1751-RC.
Subjects:	2000-2099 Computer viruses > United States > Prevention > 21st century. Computer networks > Security measures > United States > 21st century. Internet > Security measures > United States > 21st century. Computers > Access control > United States > 21st century. Computer crimes > United States > Prevention > 21st century. Computer security > United States > 21st century. Réseaux d'ordinateurs > Sécurité > Mesures > États-Unis > 21e siècle. Internet > Sécurité > Mesures > États-Unis > 21e siècle. Ordinateurs > Accès > Contrôle > États-Unis > 21e siècle. Sécurité informatique > États-Unis > 21e siècle. COMPUTERS > Security > Viruses & Malware. COMPUTERS > Security > General. Computer crimes > Prevention Computer networks > Security measures Computer security Computer viruses > Prevention Computers > Access control Internet > Security measures United States
Online Access:	DE-862 DE-863
Summary:	Zero-day vulnerabilities--software vulnerabilities for which no patch or fix has been publicly released-- and their exploits are useful in cyber operations--whether by criminals, militaries, or governments--as well as in defensive and academic settings. This report provides findings from real-world zero-day vulnerability and exploit data that could augment conventional proxy examples and expert opinion, complement current efforts to create a framework for deciding whether to disclose or retain a cache of zero-day vulnerabilities and exploits, inform ongoing policy debates regarding stockpiling and vulnerability disclosure, and add extra context for those examining the implications and resulting liability of attacks and data breaches for U.S. consumers, companies, insurers, and for the civil justice system broadly. The authors provide insights about the zero-day vulnerability research and exploit development industry; give information on what proportion of zero-day vulnerabilities are alive (undisclosed), dead (known), or somewhere in between; and establish some baseline metrics regarding the average lifespan of zero-day vulnerabilities, the likelihood of another party discovering a vulnerability within a given time period, and the time and costs involved in developing an exploit for a zero-day vulnerability"--Publisher's description.
Item Description:	"March 15, 2017"--Table of contents page.
Physical Description:	1 online resource (xvii, 114 pages) : color illustrations
Bibliography:	Includes bibliographical references.
ISBN:	9780833097781 0833097784

Staff View

MARC


LEADER	00000cam a2200000 i 4500
001	ZDB-4-EBA-ocn976431100
003	OCoLC
005	20250103110447.0
006	m o d
007	cr \|\|\|\|\|\|\|\|\|\|\|
008	170320s2017 caua ob 000 0 eng d
040			\|a DOS \|b eng \|e rda \|e pn \|c DOS \|d DOS \|d OCLCF \|d MERUC \|d EBLCP \|d YDX \|d N$T \|d OCLCQ \|d OCLCA \|d N$T \|d AGLDB \|d IGB \|d CN8ML \|d SNK \|d INTCL \|d MHW \|d BTN \|d AUW \|d WRM \|d OCLCQ \|d VTS \|d DEBBG \|d OCLCQ \|d INT \|d D6H \|d OCLCQ \|d G3B \|d LVT \|d S8I \|d S8J \|d S9I \|d STF \|d OCLCQ \|d OCLCO \|d OCLCQ \|d OCLCO \|d OCLCL \|d OCLCQ
019			\|a 981649502 \|a 981897291 \|a 982010997
020			\|a 9780833097781 \|q (electronic bk.)
020			\|a 0833097784 \|q (electronic bk.)
020			\|z 9780833097613
020			\|z 083309761X
035			\|a (OCoLC)976431100 \|z (OCoLC)981649502 \|z (OCoLC)981897291 \|z (OCoLC)982010997
043			\|a n-us---
050		4	\|a QA76.76.C68 \|b A25 2017eb online
072		7	\|a COM \|x 015000 \|2 bisacsh
072		7	\|a COM \|x 053000 \|2 bisacsh
082	7		\|a 005.84 \|2 23
049			\|a MAIN
100	1		\|a Ablon, Lillian, \|e author.
245	1	0	\|a Zero days, thousands of nights : \|b the life and times of zero-day vulnerabilities and their exploits / \|c Lillian Ablon, Andy Bogart.
264		1	\|a Santa Monica, California : \|b RAND, \|c [2017]
264		4	\|c ©2017
300			\|a 1 online resource (xvii, 114 pages) : \|b color illustrations
336			\|a text \|b txt \|2 rdacontent
337			\|a computer \|b c \|2 rdamedia
338			\|a online resource \|b cr \|2 rdacarrier
490	1		\|a Research report ; \|v RR-1751-RC
588	0		\|a Online resource; title from PDF title page (EBSCO, viewed January 16, 2018).
500			\|a "March 15, 2017"--Table of contents page.
504			\|a Includes bibliographical references.
505	0	0	\|t Preface -- \|t Figures and Tables -- \|t Summary -- \|t Acknowledgments -- \|g 1. \|t Introduction: \|t Little Is Known About the Extent, Use, Benefit, or Harm of Zero-Day Exploits -- \|t Should the U.S. Government Disclose Zero-Day Vulnerabilities? -- \|t There Are Many Considerations That Stakeholders Want Addressed -- \|t Research Questions and the Purpose of This Research -- \|t Intended Audience for This Research -- \|t Breaking Down the Zero-Day Space -- \|t Data for This Research -- \|t Methodology of Research and Data Collection -- \|t Organization of This Report -- \|g 2. \|t More Discussion of Zero-Day Vulnerabilities: \|t Nature of Zero-Day Vulnerabilities -- \|t Exploit Development Basics and Considerations -- \|t Exploit Development Cycle -- \|t People in the Zero-Day Vulnerability Space -- \|t Business Models -- \|g 3. \|t Analysis of the Data: \|g 1. \|t Life Status: Is the Vulnerability Really a Zero-Day? Is It Alive (Publicly Unknown) or Dead (Known to Others)? -- \|g 2. \|t Longevity: How Long Will the Vulnerability Remain Undiscovered and Undisclosed to the Public? -- \|g 3. \|t Collision Rate: What Is the Likelihood That Others Will Discover and Disclose the Vulnerability? -- \|g 4. \|t Cost: What Is the Cost to Develop an Exploit for the Vulnerability? -- \|g 4. \|t Conclusions and Implications -- \|t APPENDIXES -- \|t References.
520			\|a Zero-day vulnerabilities--software vulnerabilities for which no patch or fix has been publicly released-- and their exploits are useful in cyber operations--whether by criminals, militaries, or governments--as well as in defensive and academic settings. This report provides findings from real-world zero-day vulnerability and exploit data that could augment conventional proxy examples and expert opinion, complement current efforts to create a framework for deciding whether to disclose or retain a cache of zero-day vulnerabilities and exploits, inform ongoing policy debates regarding stockpiling and vulnerability disclosure, and add extra context for those examining the implications and resulting liability of attacks and data breaches for U.S. consumers, companies, insurers, and for the civil justice system broadly. The authors provide insights about the zero-day vulnerability research and exploit development industry; give information on what proportion of zero-day vulnerabilities are alive (undisclosed), dead (known), or somewhere in between; and establish some baseline metrics regarding the average lifespan of zero-day vulnerabilities, the likelihood of another party discovering a vulnerability within a given time period, and the time and costs involved in developing an exploit for a zero-day vulnerability"--Publisher's description.
650		0	\|a Computer viruses \|z United States \|x Prevention \|y 21st century.
650		0	\|a Computer networks \|x Security measures \|z United States \|y 21st century.
650		0	\|a Internet \|x Security measures \|z United States \|y 21st century.
650		0	\|a Computers \|x Access control \|z United States \|y 21st century.
650		0	\|a Computer crimes \|z United States \|x Prevention \|y 21st century.
650		0	\|a Computer security \|z United States \|y 21st century.
650		6	\|a Réseaux d'ordinateurs \|x Sécurité \|x Mesures \|z États-Unis \|y 21e siècle.
650		6	\|a Internet \|x Sécurité \|x Mesures \|z États-Unis \|y 21e siècle.
650		6	\|a Ordinateurs \|x Accès \|x Contrôle \|z États-Unis \|y 21e siècle.
650		6	\|a Sécurité informatique \|z États-Unis \|y 21e siècle.
650		7	\|a COMPUTERS \|x Security \|x Viruses & Malware. \|2 bisacsh
650		7	\|a COMPUTERS \|x Security \|x General. \|2 bisacsh
650		7	\|a Computer crimes \|x Prevention \|2 fast
650		7	\|a Computer networks \|x Security measures \|2 fast
650		7	\|a Computer security \|2 fast
650		7	\|a Computer viruses \|x Prevention \|2 fast
650		7	\|a Computers \|x Access control \|2 fast
650		7	\|a Internet \|x Security measures \|2 fast
651		7	\|a United States \|2 fast \|1 https://id.oclc.org/worldcat/entity/E39PBJtxgQXMWqmjMjjwXRHgrq
648		7	\|a 2000-2099 \|2 fast
700	1		\|a Bogart, Andy, \|e author.
710	2		\|a Institute for Civil Justice (U.S.), \|e issuing body.
758			\|i has work: \|a Zero days, thousands of nights (Text) \|1 https://id.oclc.org/worldcat/entity/E39PCH7wCg7ym8BM77BgRCdcdP \|4 https://id.oclc.org/worldcat/ontology/hasWork
830		0	\|a Research report (Rand Corporation) ; \|v RR-1751-RC.
966	4	0	\|l DE-862 \|p ZDB-4-EBA \|q FWS_PDA_EBA \|u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1496778 \|3 Volltext
966	4	0	\|l DE-863 \|p ZDB-4-EBA \|q FWS_PDA_EBA \|u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1496778 \|3 Volltext
938			\|a EBL - Ebook Library \|b EBLB \|n EBL4834073
938			\|a EBSCOhost \|b EBSC \|n 1496778
938			\|a YBP Library Services \|b YANK \|n 13953256
994			\|a 92 \|b GEBAY
912			\|a ZDB-4-EBA
049			\|a DE-862
049			\|a DE-863

Record in the Search Index

DE-BY-FWS_katkey	ZDB-4-EBA-ocn976431100
_version_	1829095101059563520
adam_text
any_adam_object
author	Ablon, Lillian Bogart, Andy
author_facet	Ablon, Lillian Bogart, Andy
author_role	aut aut
author_sort	Ablon, Lillian
author_variant	l a la a b ab
building	Verbundindex
bvnumber	localFWS
callnumber-first	Q - Science
callnumber-label	QA76
callnumber-raw	QA76.76.C68 A25 2017eb online
callnumber-search	QA76.76.C68 A25 2017eb online
callnumber-sort	QA 276.76 C68 A25 42017EB ONLINE
callnumber-subject	QA - Mathematics
collection	ZDB-4-EBA
contents	Preface -- Figures and Tables -- Summary -- Acknowledgments -- Introduction: Little Is Known About the Extent, Use, Benefit, or Harm of Zero-Day Exploits -- Should the U.S. Government Disclose Zero-Day Vulnerabilities? -- There Are Many Considerations That Stakeholders Want Addressed -- Research Questions and the Purpose of This Research -- Intended Audience for This Research -- Breaking Down the Zero-Day Space -- Data for This Research -- Methodology of Research and Data Collection -- Organization of This Report -- More Discussion of Zero-Day Vulnerabilities: Nature of Zero-Day Vulnerabilities -- Exploit Development Basics and Considerations -- Exploit Development Cycle -- People in the Zero-Day Vulnerability Space -- Business Models -- Analysis of the Data: Life Status: Is the Vulnerability Really a Zero-Day? Is It Alive (Publicly Unknown) or Dead (Known to Others)? -- Longevity: How Long Will the Vulnerability Remain Undiscovered and Undisclosed to the Public? -- Collision Rate: What Is the Likelihood That Others Will Discover and Disclose the Vulnerability? -- Cost: What Is the Cost to Develop an Exploit for the Vulnerability? -- Conclusions and Implications -- APPENDIXES -- References.
ctrlnum	(OCoLC)976431100
dewey-full	005.84
dewey-hundreds	000 - Computer science, information, general works
dewey-ones	005 - Computer programming, programs, data, security
dewey-raw	005.84
dewey-search	005.84
dewey-sort	15.84
dewey-tens	000 - Computer science, information, general works
discipline	Informatik
era	2000-2099 fast
era_facet	2000-2099
format	Electronic eBook
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>06253cam a2200769 i 4500</leader><controlfield tag="001">ZDB-4-EBA-ocn976431100</controlfield><controlfield tag="003">OCoLC</controlfield><controlfield tag="005">20250103110447.0</controlfield><controlfield tag="006">m o d </controlfield><controlfield tag="007">cr \|\|\|\|\|\|\|\|\|\|\|</controlfield><controlfield tag="008">170320s2017 caua ob 000 0 eng d</controlfield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DOS</subfield><subfield code="b">eng</subfield><subfield code="e">rda</subfield><subfield code="e">pn</subfield><subfield code="c">DOS</subfield><subfield code="d">DOS</subfield><subfield code="d">OCLCF</subfield><subfield code="d">MERUC</subfield><subfield code="d">EBLCP</subfield><subfield code="d">YDX</subfield><subfield code="d">N$T</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCA</subfield><subfield code="d">N$T</subfield><subfield code="d">AGLDB</subfield><subfield code="d">IGB</subfield><subfield code="d">CN8ML</subfield><subfield code="d">SNK</subfield><subfield code="d">INTCL</subfield><subfield code="d">MHW</subfield><subfield code="d">BTN</subfield><subfield code="d">AUW</subfield><subfield code="d">WRM</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">VTS</subfield><subfield code="d">DEBBG</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">INT</subfield><subfield code="d">D6H</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">G3B</subfield><subfield code="d">LVT</subfield><subfield code="d">S8I</subfield><subfield code="d">S8J</subfield><subfield code="d">S9I</subfield><subfield code="d">STF</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCLCL</subfield><subfield code="d">OCLCQ</subfield></datafield><datafield tag="019" ind1=" " ind2=" "><subfield code="a">981649502</subfield><subfield code="a">981897291</subfield><subfield code="a">982010997</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9780833097781</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">0833097784</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">9780833097613</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">083309761X</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)976431100</subfield><subfield code="z">(OCoLC)981649502</subfield><subfield code="z">(OCoLC)981897291</subfield><subfield code="z">(OCoLC)982010997</subfield></datafield><datafield tag="043" ind1=" " ind2=" "><subfield code="a">n-us---</subfield></datafield><datafield tag="050" ind1=" " ind2="4"><subfield code="a">QA76.76.C68</subfield><subfield code="b">A25 2017eb online</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM</subfield><subfield code="x">015000</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM</subfield><subfield code="x">053000</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="082" ind1="7" ind2=" "><subfield code="a">005.84</subfield><subfield code="2">23</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">MAIN</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Ablon, Lillian,</subfield><subfield code="e">author.</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Zero days, thousands of nights :</subfield><subfield code="b">the life and times of zero-day vulnerabilities and their exploits /</subfield><subfield code="c">Lillian Ablon, Andy Bogart.</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Santa Monica, California :</subfield><subfield code="b">RAND,</subfield><subfield code="c">[2017]</subfield></datafield><datafield tag="264" ind1=" " ind2="4"><subfield code="c">©2017</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 online resource (xvii, 114 pages) :</subfield><subfield code="b">color illustrations</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">computer</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">online resource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="490" ind1="1" ind2=" "><subfield code="a">Research report ;</subfield><subfield code="v">RR-1751-RC</subfield></datafield><datafield tag="588" ind1="0" ind2=" "><subfield code="a">Online resource; title from PDF title page (EBSCO, viewed January 16, 2018).</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">"March 15, 2017"--Table of contents page.</subfield></datafield><datafield tag="504" ind1=" " ind2=" "><subfield code="a">Includes bibliographical references.</subfield></datafield><datafield tag="505" ind1="0" ind2="0"><subfield code="t">Preface --</subfield><subfield code="t">Figures and Tables --</subfield><subfield code="t">Summary --</subfield><subfield code="t">Acknowledgments --</subfield><subfield code="g">1.</subfield><subfield code="t">Introduction:</subfield><subfield code="t">Little Is Known About the Extent, Use, Benefit, or Harm of Zero-Day Exploits --</subfield><subfield code="t">Should the U.S. Government Disclose Zero-Day Vulnerabilities? --</subfield><subfield code="t">There Are Many Considerations That Stakeholders Want Addressed --</subfield><subfield code="t">Research Questions and the Purpose of This Research --</subfield><subfield code="t">Intended Audience for This Research --</subfield><subfield code="t">Breaking Down the Zero-Day Space --</subfield><subfield code="t">Data for This Research --</subfield><subfield code="t">Methodology of Research and Data Collection --</subfield><subfield code="t">Organization of This Report --</subfield><subfield code="g">2.</subfield><subfield code="t">More Discussion of Zero-Day Vulnerabilities:</subfield><subfield code="t">Nature of Zero-Day Vulnerabilities --</subfield><subfield code="t">Exploit Development Basics and Considerations --</subfield><subfield code="t">Exploit Development Cycle --</subfield><subfield code="t">People in the Zero-Day Vulnerability Space --</subfield><subfield code="t">Business Models --</subfield><subfield code="g">3.</subfield><subfield code="t">Analysis of the Data:</subfield><subfield code="g">1.</subfield><subfield code="t">Life Status: Is the Vulnerability Really a Zero-Day? Is It Alive (Publicly Unknown) or Dead (Known to Others)? --</subfield><subfield code="g">2.</subfield><subfield code="t">Longevity: How Long Will the Vulnerability Remain Undiscovered and Undisclosed to the Public? --</subfield><subfield code="g">3.</subfield><subfield code="t">Collision Rate: What Is the Likelihood That Others Will Discover and Disclose the Vulnerability? --</subfield><subfield code="g">4.</subfield><subfield code="t">Cost: What Is the Cost to Develop an Exploit for the Vulnerability? --</subfield><subfield code="g">4.</subfield><subfield code="t">Conclusions and Implications --</subfield><subfield code="t">APPENDIXES --</subfield><subfield code="t">References.</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">Zero-day vulnerabilities--software vulnerabilities for which no patch or fix has been publicly released-- and their exploits are useful in cyber operations--whether by criminals, militaries, or governments--as well as in defensive and academic settings. This report provides findings from real-world zero-day vulnerability and exploit data that could augment conventional proxy examples and expert opinion, complement current efforts to create a framework for deciding whether to disclose or retain a cache of zero-day vulnerabilities and exploits, inform ongoing policy debates regarding stockpiling and vulnerability disclosure, and add extra context for those examining the implications and resulting liability of attacks and data breaches for U.S. consumers, companies, insurers, and for the civil justice system broadly. The authors provide insights about the zero-day vulnerability research and exploit development industry; give information on what proportion of zero-day vulnerabilities are alive (undisclosed), dead (known), or somewhere in between; and establish some baseline metrics regarding the average lifespan of zero-day vulnerabilities, the likelihood of another party discovering a vulnerability within a given time period, and the time and costs involved in developing an exploit for a zero-day vulnerability"--Publisher's description.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer viruses</subfield><subfield code="z">United States</subfield><subfield code="x">Prevention</subfield><subfield code="y">21st century.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures</subfield><subfield code="z">United States</subfield><subfield code="y">21st century.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Internet</subfield><subfield code="x">Security measures</subfield><subfield code="z">United States</subfield><subfield code="y">21st century.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computers</subfield><subfield code="x">Access control</subfield><subfield code="z">United States</subfield><subfield code="y">21st century.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer crimes</subfield><subfield code="z">United States</subfield><subfield code="x">Prevention</subfield><subfield code="y">21st century.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer security</subfield><subfield code="z">United States</subfield><subfield code="y">21st century.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Réseaux d'ordinateurs</subfield><subfield code="x">Sécurité</subfield><subfield code="x">Mesures</subfield><subfield code="z">États-Unis</subfield><subfield code="y">21e siècle.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Internet</subfield><subfield code="x">Sécurité</subfield><subfield code="x">Mesures</subfield><subfield code="z">États-Unis</subfield><subfield code="y">21e siècle.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Ordinateurs</subfield><subfield code="x">Accès</subfield><subfield code="x">Contrôle</subfield><subfield code="z">États-Unis</subfield><subfield code="y">21e siècle.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Sécurité informatique</subfield><subfield code="z">États-Unis</subfield><subfield code="y">21e siècle.</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS</subfield><subfield code="x">Security</subfield><subfield code="x">Viruses & Malware.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS</subfield><subfield code="x">Security</subfield><subfield code="x">General.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer crimes</subfield><subfield code="x">Prevention</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer security</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer viruses</subfield><subfield code="x">Prevention</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computers</subfield><subfield code="x">Access control</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Internet</subfield><subfield code="x">Security measures</subfield><subfield code="2">fast</subfield></datafield><datafield tag="651" ind1=" " ind2="7"><subfield code="a">United States</subfield><subfield code="2">fast</subfield><subfield code="1">https://id.oclc.org/worldcat/entity/E39PBJtxgQXMWqmjMjjwXRHgrq</subfield></datafield><datafield tag="648" ind1=" " ind2="7"><subfield code="a">2000-2099</subfield><subfield code="2">fast</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Bogart, Andy,</subfield><subfield code="e">author.</subfield></datafield><datafield tag="710" ind1="2" ind2=" "><subfield code="a">Institute for Civil Justice (U.S.),</subfield><subfield code="e">issuing body.</subfield></datafield><datafield tag="758" ind1=" " ind2=" "><subfield code="i">has work:</subfield><subfield code="a">Zero days, thousands of nights (Text)</subfield><subfield code="1">https://id.oclc.org/worldcat/entity/E39PCH7wCg7ym8BM77BgRCdcdP</subfield><subfield code="4">https://id.oclc.org/worldcat/ontology/hasWork</subfield></datafield><datafield tag="830" ind1=" " ind2="0"><subfield code="a">Research report (Rand Corporation) ;</subfield><subfield code="v">RR-1751-RC.</subfield></datafield><datafield tag="966" ind1="4" ind2="0"><subfield code="l">DE-862</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FWS_PDA_EBA</subfield><subfield code="u">https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1496778</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="966" ind1="4" ind2="0"><subfield code="l">DE-863</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FWS_PDA_EBA</subfield><subfield code="u">https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1496778</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">EBL - Ebook Library</subfield><subfield code="b">EBLB</subfield><subfield code="n">EBL4834073</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">EBSCOhost</subfield><subfield code="b">EBSC</subfield><subfield code="n">1496778</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">YBP Library Services</subfield><subfield code="b">YANK</subfield><subfield code="n">13953256</subfield></datafield><datafield tag="994" ind1=" " ind2=" "><subfield code="a">92</subfield><subfield code="b">GEBAY</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-4-EBA</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-862</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-863</subfield></datafield></record></collection>
geographic	United States fast https://id.oclc.org/worldcat/entity/E39PBJtxgQXMWqmjMjjwXRHgrq
geographic_facet	United States
id	ZDB-4-EBA-ocn976431100
illustrated	Illustrated
indexdate	2025-04-11T08:43:40Z
institution	BVB
isbn	9780833097781 0833097784
language	English
oclc_num	976431100
open_access_boolean
owner	MAIN DE-862 DE-BY-FWS DE-863 DE-BY-FWS
owner_facet	MAIN DE-862 DE-BY-FWS DE-863 DE-BY-FWS
physical	1 online resource (xvii, 114 pages) : color illustrations
psigel	ZDB-4-EBA FWS_PDA_EBA ZDB-4-EBA
publishDate	2017
publishDateSearch	2017
publishDateSort	2017
publisher	RAND,
record_format	marc
series	Research report (Rand Corporation) ;
series2	Research report ;
spelling	Ablon, Lillian, author. Zero days, thousands of nights : the life and times of zero-day vulnerabilities and their exploits / Lillian Ablon, Andy Bogart. Santa Monica, California : RAND, [2017] ©2017 1 online resource (xvii, 114 pages) : color illustrations text txt rdacontent computer c rdamedia online resource cr rdacarrier Research report ; RR-1751-RC Online resource; title from PDF title page (EBSCO, viewed January 16, 2018). "March 15, 2017"--Table of contents page. Includes bibliographical references. Preface -- Figures and Tables -- Summary -- Acknowledgments -- 1. Introduction: Little Is Known About the Extent, Use, Benefit, or Harm of Zero-Day Exploits -- Should the U.S. Government Disclose Zero-Day Vulnerabilities? -- There Are Many Considerations That Stakeholders Want Addressed -- Research Questions and the Purpose of This Research -- Intended Audience for This Research -- Breaking Down the Zero-Day Space -- Data for This Research -- Methodology of Research and Data Collection -- Organization of This Report -- 2. More Discussion of Zero-Day Vulnerabilities: Nature of Zero-Day Vulnerabilities -- Exploit Development Basics and Considerations -- Exploit Development Cycle -- People in the Zero-Day Vulnerability Space -- Business Models -- 3. Analysis of the Data: 1. Life Status: Is the Vulnerability Really a Zero-Day? Is It Alive (Publicly Unknown) or Dead (Known to Others)? -- 2. Longevity: How Long Will the Vulnerability Remain Undiscovered and Undisclosed to the Public? -- 3. Collision Rate: What Is the Likelihood That Others Will Discover and Disclose the Vulnerability? -- 4. Cost: What Is the Cost to Develop an Exploit for the Vulnerability? -- 4. Conclusions and Implications -- APPENDIXES -- References. Zero-day vulnerabilities--software vulnerabilities for which no patch or fix has been publicly released-- and their exploits are useful in cyber operations--whether by criminals, militaries, or governments--as well as in defensive and academic settings. This report provides findings from real-world zero-day vulnerability and exploit data that could augment conventional proxy examples and expert opinion, complement current efforts to create a framework for deciding whether to disclose or retain a cache of zero-day vulnerabilities and exploits, inform ongoing policy debates regarding stockpiling and vulnerability disclosure, and add extra context for those examining the implications and resulting liability of attacks and data breaches for U.S. consumers, companies, insurers, and for the civil justice system broadly. The authors provide insights about the zero-day vulnerability research and exploit development industry; give information on what proportion of zero-day vulnerabilities are alive (undisclosed), dead (known), or somewhere in between; and establish some baseline metrics regarding the average lifespan of zero-day vulnerabilities, the likelihood of another party discovering a vulnerability within a given time period, and the time and costs involved in developing an exploit for a zero-day vulnerability"--Publisher's description. Computer viruses United States Prevention 21st century. Computer networks Security measures United States 21st century. Internet Security measures United States 21st century. Computers Access control United States 21st century. Computer crimes United States Prevention 21st century. Computer security United States 21st century. Réseaux d'ordinateurs Sécurité Mesures États-Unis 21e siècle. Internet Sécurité Mesures États-Unis 21e siècle. Ordinateurs Accès Contrôle États-Unis 21e siècle. Sécurité informatique États-Unis 21e siècle. COMPUTERS Security Viruses & Malware. bisacsh COMPUTERS Security General. bisacsh Computer crimes Prevention fast Computer networks Security measures fast Computer security fast Computer viruses Prevention fast Computers Access control fast Internet Security measures fast United States fast https://id.oclc.org/worldcat/entity/E39PBJtxgQXMWqmjMjjwXRHgrq 2000-2099 fast Bogart, Andy, author. Institute for Civil Justice (U.S.), issuing body. has work: Zero days, thousands of nights (Text) https://id.oclc.org/worldcat/entity/E39PCH7wCg7ym8BM77BgRCdcdP https://id.oclc.org/worldcat/ontology/hasWork Research report (Rand Corporation) ; RR-1751-RC.
spellingShingle	Ablon, Lillian Bogart, Andy Zero days, thousands of nights : the life and times of zero-day vulnerabilities and their exploits / Research report (Rand Corporation) ; Preface -- Figures and Tables -- Summary -- Acknowledgments -- Introduction: Little Is Known About the Extent, Use, Benefit, or Harm of Zero-Day Exploits -- Should the U.S. Government Disclose Zero-Day Vulnerabilities? -- There Are Many Considerations That Stakeholders Want Addressed -- Research Questions and the Purpose of This Research -- Intended Audience for This Research -- Breaking Down the Zero-Day Space -- Data for This Research -- Methodology of Research and Data Collection -- Organization of This Report -- More Discussion of Zero-Day Vulnerabilities: Nature of Zero-Day Vulnerabilities -- Exploit Development Basics and Considerations -- Exploit Development Cycle -- People in the Zero-Day Vulnerability Space -- Business Models -- Analysis of the Data: Life Status: Is the Vulnerability Really a Zero-Day? Is It Alive (Publicly Unknown) or Dead (Known to Others)? -- Longevity: How Long Will the Vulnerability Remain Undiscovered and Undisclosed to the Public? -- Collision Rate: What Is the Likelihood That Others Will Discover and Disclose the Vulnerability? -- Cost: What Is the Cost to Develop an Exploit for the Vulnerability? -- Conclusions and Implications -- APPENDIXES -- References. Computer viruses United States Prevention 21st century. Computer networks Security measures United States 21st century. Internet Security measures United States 21st century. Computers Access control United States 21st century. Computer crimes United States Prevention 21st century. Computer security United States 21st century. Réseaux d'ordinateurs Sécurité Mesures États-Unis 21e siècle. Internet Sécurité Mesures États-Unis 21e siècle. Ordinateurs Accès Contrôle États-Unis 21e siècle. Sécurité informatique États-Unis 21e siècle. COMPUTERS Security Viruses & Malware. bisacsh COMPUTERS Security General. bisacsh Computer crimes Prevention fast Computer networks Security measures fast Computer security fast Computer viruses Prevention fast Computers Access control fast Internet Security measures fast
title	Zero days, thousands of nights : the life and times of zero-day vulnerabilities and their exploits /
title_alt	Preface -- Figures and Tables -- Summary -- Acknowledgments -- Introduction: Little Is Known About the Extent, Use, Benefit, or Harm of Zero-Day Exploits -- Should the U.S. Government Disclose Zero-Day Vulnerabilities? -- There Are Many Considerations That Stakeholders Want Addressed -- Research Questions and the Purpose of This Research -- Intended Audience for This Research -- Breaking Down the Zero-Day Space -- Data for This Research -- Methodology of Research and Data Collection -- Organization of This Report -- More Discussion of Zero-Day Vulnerabilities: Nature of Zero-Day Vulnerabilities -- Exploit Development Basics and Considerations -- Exploit Development Cycle -- People in the Zero-Day Vulnerability Space -- Business Models -- Analysis of the Data: Life Status: Is the Vulnerability Really a Zero-Day? Is It Alive (Publicly Unknown) or Dead (Known to Others)? -- Longevity: How Long Will the Vulnerability Remain Undiscovered and Undisclosed to the Public? -- Collision Rate: What Is the Likelihood That Others Will Discover and Disclose the Vulnerability? -- Cost: What Is the Cost to Develop an Exploit for the Vulnerability? -- Conclusions and Implications -- APPENDIXES -- References.
title_auth	Zero days, thousands of nights : the life and times of zero-day vulnerabilities and their exploits /
title_exact_search	Zero days, thousands of nights : the life and times of zero-day vulnerabilities and their exploits /
title_full	Zero days, thousands of nights : the life and times of zero-day vulnerabilities and their exploits / Lillian Ablon, Andy Bogart.
title_fullStr	Zero days, thousands of nights : the life and times of zero-day vulnerabilities and their exploits / Lillian Ablon, Andy Bogart.
title_full_unstemmed	Zero days, thousands of nights : the life and times of zero-day vulnerabilities and their exploits / Lillian Ablon, Andy Bogart.
title_short	Zero days, thousands of nights :
title_sort	zero days thousands of nights the life and times of zero day vulnerabilities and their exploits
title_sub	the life and times of zero-day vulnerabilities and their exploits /
topic	Computer viruses United States Prevention 21st century. Computer networks Security measures United States 21st century. Internet Security measures United States 21st century. Computers Access control United States 21st century. Computer crimes United States Prevention 21st century. Computer security United States 21st century. Réseaux d'ordinateurs Sécurité Mesures États-Unis 21e siècle. Internet Sécurité Mesures États-Unis 21e siècle. Ordinateurs Accès Contrôle États-Unis 21e siècle. Sécurité informatique États-Unis 21e siècle. COMPUTERS Security Viruses & Malware. bisacsh COMPUTERS Security General. bisacsh Computer crimes Prevention fast Computer networks Security measures fast Computer security fast Computer viruses Prevention fast Computers Access control fast Internet Security measures fast
topic_facet	Computer viruses United States Prevention 21st century. Computer networks Security measures United States 21st century. Internet Security measures United States 21st century. Computers Access control United States 21st century. Computer crimes United States Prevention 21st century. Computer security United States 21st century. Réseaux d'ordinateurs Sécurité Mesures États-Unis 21e siècle. Internet Sécurité Mesures États-Unis 21e siècle. Ordinateurs Accès Contrôle États-Unis 21e siècle. Sécurité informatique États-Unis 21e siècle. COMPUTERS Security Viruses & Malware. COMPUTERS Security General. Computer crimes Prevention Computer networks Security measures Computer security Computer viruses Prevention Computers Access control Internet Security measures United States
work_keys_str_mv	AT ablonlillian zerodaysthousandsofnightsthelifeandtimesofzerodayvulnerabilitiesandtheirexploits AT bogartandy zerodaysthousandsofnightsthelifeandtimesofzerodayvulnerabilitiesandtheirexploits AT instituteforciviljusticeus zerodaysthousandsofnightsthelifeandtimesofzerodayvulnerabilitiesandtheirexploits

Holdings

There is no print copy available.

Get full text

MARC

Record in the Search Index

There is no print copy available.

Similar Items