ABSTRACT

So how does a vulnerability turn into a patch and an exploit? Moreover, which comes first, the vulnerability or the exploit? Is it a chicken-and-egg scenario? No. In fact, it is easier than might be imagined. When a portion of Microsoft’s source code was publicly released, organizations and system administrators everywhere were waiting for the ax to fall. No major catastrophe followed, but patches are now released monthly for multiple Microsoft products. Microsoft is not the only vendor affected by this type of scenario. Lots of source code is publicly available by default. Cisco’s IOS source code has been available for years. Granted, Cisco IOS vulnerabilities are released occasionally, but they are typically critical and require network administrators to upgrade the software running on the network device. Linux source code is also publicly available and, with that amount of source code available, deploying the number of patches released for Linux systems is not an unachievable goal for any organization.