So when assessing if a newly released vulnerability is going to be severe in the industry, the first questions asked typically are “is it being actively exploited?” and “is there a proof of concept?”.
This may be a dumb question, but trying to wrap my head around this: when a proof of concept is posted publicly by an ethical hacker/researcher, is it bad in the sense that now real attackers can get their hands on the PoC and perform real attacks? And if so, why are proofs of concept posted publicly if they essentially just do the real hackers a favor by finding an exploit for them to take and make their own?
Not sure if that’s even how it works but essentially asking what happens among hackers/threat actors when a PoC is released publicly for a newly released vulnerability?
from hacking: security in practice https://ift.tt/ugREZfm