Lillian Ablon Profile picture
Jan 4, 2018 8 tweets 3 min read Twitter logo Read on Twitter
Here are a few insights on the #Meltdown and #Spectre vulnerabilities based on my recent @RANDCorporation research. /1…
First, this is yet another reminder that vulnerabilities can last a long time (our data showed vulnerabilities lasted 6.9 years before being publicly disclosed) and have a low chance of being discovered (5.7% per year). /2
But the #Meltdown / #Spectre news also has me thinking about a "swarm mentality" among hackers of all stripes after a vulnerability is disclosed. /3
This is based on the idea that, where one vulnerability exists, so do others. Thus, bug hunters and exploit developers alike "swarm" the code base after a high-profile disclosure. /4
I've heard a lot of colorful analogies for this: Vulnerability researchers are sharks who smell blood in the water. Or we're all kids at a youth soccer game, following whoever has the ball. /5
The takeaway is that a lot of groups are likely now combing through the code base where #Meltdown and #Spectre were found. So it's possible that other vulnerabilities will emerge, too. /6
(This can be good or bad news - largely depending on how easy it is to exploit new vulnerabilities found, and how quickly a patch can be applied.) /7
In my @RANDCorporation report, I call these "close collisions," where the discovery of one bug was a direct result a nearby bug's discovery. /fin…

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with Lillian Ablon

Lillian Ablon Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!


0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy


3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!