How is the infosec community doing on the war on zero-days?

Lessons learned from Google and Microsoft vulnerabilities, published in Dark Reading… and introducing ‘Pwnership’

When two zero-days hit Google Chrome and Microsoft Windows earlier this month, it was a very real reminder that even the industry giants are not immune.

PolySwarm CTO Paul Makowski recently wrote an article published on Information Week’s Dark Reading — one of the leading IT security news sites — providing tips to minimize the impact from zero-days. Both IT professionals charged with protecting corporate networks as well as software developers and engineers will glean some actionable takeaways. In the piece, Makowski also coins a new term: pwnership.

“When selecting targets, attackers often consider total cost of ‘pwnership’ — the expected cost of an operation versus the likelihood of success (times) expected value,” Makowski told Dark Reading. “As a defender or a software engineer, conduct the same analysis — and consider the way your choices impact the security of software development and deployment.”

READ THE FULL PIECE ON DARK READING HERE.

PolySwarm is also helping fight the war on zero-days with its novel threat detection marketplace. While economics fuels the bad guys, it can also have motivating factors on the good side. PolySwarm, a multi-scanner threat detection marketplace, provides economic incentives for security experts and antivirus companies as they compete to detect the latest threats. PolySwarm’s decentralized open market for intelligence bringings together mainstream anti-malware vendors, small companies and independent experts worldwide providing financial rewards for those that accurately detect malicious artifacts. Some engines on the marketplace will do this by attempting to predict vulnerability exploitation.

Learn more about PolySwarm and it’s threat detection marketplace here.