Thursday, October 13, 2011

Microsoft says zero-day bugs are overrated?

According to Jeff Jones, director of security with Microsoft's Trustworthy Computing Group, "…zero-days are not the most prevalent, and thus not the most dangerous, threats facing users." The Microsoft SIR (Security Information Report) published on October 11th states that "…exploits of zero-day vulnerabilities accounted for just 0.12% of all exploit activity during the first half of 2011." In the words of Alfred E. Neuman (Mad Magazine), "What, me worry?"

Not to put too fine a point on it, but Mr. Jones should tell that to the surviving families of the 12 Ford minivans full of children who were massacred in the pileup on the San Diego Freeway because some hacker decided to pull the pin on the virus he planted in the Microsoft-embedded operating system on those cars. Their mid-freeway stall was triggered by the SpongeBob SquarePants DVD download. The other 988 minivans just had a be-glad-we-didn't-kill-you-today message appear on the navigation screen.

Way to "take one for the team, Jeff." Did your manager tell you to get out front and put zero-day bugs into perspective? Convince the world that Microsoft's security policies are rational after all? 

Just over one tenth of one percent. A mere twelve out of 1000. What, me worry?

Yeah, I think I'll worry.
