资 源 简 介
ABSTRACT
Computer systems are subject to a vulnerability lifecycle: product release, vulnerability discovery, exploitation window, patch/mitigation release, vulnerability discovery, ad infinitum. Since human error and the introduction of vulnerabilities can never be fully eliminated, vendors have accepted the reality that their software will always be susceptible to attacks that take advantage of unknown vulnerabilities. The exploitation of a vulnerability whose details are unknown to the vendor is called an 0day (“oh-day” or “zero-day”) attack, in reference to the “zeroth” day of vendor awareness. Likewise, organizations with particular concern for the security of their information must assume that the software they employ is vulnerable to an attack they cannot hope to patch: the unknown, 0day threat. Instead, such entities rely on strategies that make it provably difficult or impossible to exploit an attack vector or a class of vulnerability. One such
