The Log4j debacle showed again that public disclosure of 0-days only helps attackers

Help Net Security

On December 9, 2021, a (now deleted) tweet linking to a 0-day proof of concept (PoC) exploit (also now deleted) for the Log4Shell vulnerability on GitHub set the internet on fire and sent companies scrambling to mitigate, patch and then patch again as additional PoCs appeared. Public vulnerability disclosure – i.e., the act of revealing to the world the existence of a bug in a piece of software, a library, extension, etc., and releasing a … More →

The post The Log4j debacle showed again that public disclosure of 0-days only helps attackers appeared first on Help Net Security.