On 07/15/2017 04:54 AM, Georgi Guninski wrote:
On Fri, Jul 14, 2017 at 10:22:32AM -0400, John Newman wrote:
Bugs that already have some PoC or other code to exploit the issue? Or the sum total of all exploitable bugs, discovered and undiscovered?
The first case should be relatively small with a very current release.. the second case obviously could be different.
I meant all bugs, including the unknown.
The question reminds me of Donald Rumsfeld, with his "known knowns" threats (exploits in the wild, patches available or high priority works in progress), "known unknowns" (theoretically exploitable code but no exploits reported, patching or redesign proceeds at routine priority), and "unknown unknowns" (phantom fears and FUD). By definition, you can't count them all, and estimates will vary with the interests and motivations of whoever does the estimating. If I had to work up an estimate, I would want to look at all avaialble historical data for both raw counts of discovered exploitable coding errors and malfetures, and trends in the prevalence of same. I would also want to publish data developed by using the same protocol to produce figures for other widely deployed families of kernels, to make the information useful in practical contexts. :o)