The Zero-Day Attack Problem
With all of the effort put into software security over the past few years—particularly with open source projects like OpenBSD and OpenSSH—it would seem that the number of newly discovered vulnerabilities would be on the decline. However, new vulnerabilities are found in all sorts of software at an ever increasing pace, with no reprieve in sight.
The Bugtraq, Full-disclosure, and Vuln-dev mailing lists are quite active and provide excellent technical information and discussion on some of the latest exploits and attack techniques. Whole companies (like iDefense—see http://www.idefense.com) have sprung up with business models based on vulnerability tracking, providing services that act as vulnerability early-warning ...