The Life of a Zero DayIn this whitepaper, discover the life of a zero day and the implications it may have for your business.
RAND Corporation’s report called Zero Days, Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits states that, "Zero-Day exploits and their underlying vulnerabilities have a 6.9 year life expectancy, on average." This is 2,521 days after the initial discovery to be precise. Hence, the reference to “Thousands of Nights”. This data suggests that the time between the discovery of a vulnerability by a researcher to public disclosure and patch availability is dramatically longer than most in the industry have thought.
Report Snap Shot
An exploit, as used by RAND, is a “malicious code that takes advantage of software vulnerabilities to infect, disrupt, or take control of a computer without the user’s consent and typically without their knowledge.”