On Thu, 26 Feb 2004 16:49:24 -0300, you said: > The fact that exploit code is made available after the patch is released, > is probably because the researchers > Made the vulnerability publicly available at same time as the patch was > released, otherwise MS wouldnt give > Credit to the researchers for the vuln. The part you should wonder about is why there's a flood of "me-too" exploits after the patch comes out. Which is more likely, 6 or 8 grey hats all hacking for 48 hours straight to be the first to release a sploit, or 6 or 8 grey hats all figuring their 0-day is about to get shut down so they should get some creds by releasing it and looking like a uber-coder?
Attachment:
pgp00095.pgp
Description: PGP signature