1. 9

This page is the summary; click the “Download ebook for free” link in the upper right for the full, 100+ page report


  2. 3

    Matt Blaze’s response (https://twitter.com/mattblaze/status/839910176916385794):

    “Interesting stat: they found ~6% of stockpiled vulnerabilities were independently rediscovered within a year. Q is what that tells us.”

    “Note that 6% seems small, but it’s basically a lower bound - no way to know about vuls found and kept secret by others.”

    “My sense is that this space is highly non-uniform, so over-interpreting the 6%/yr number is probably unwise. Need to find more factors.”

    “Not-very-bold prediction: the RAND study will be widely cited to make categorical statements that support opposite conclusions.”