Update
The "Race to 100" is officialy finished, the reason for this ... is... well, 100% will most likely never be reached. There was even one AV vendor that pulled the 0day detection signature from their database.

The history of what vendors detected the 0day at what timeframe can be found here :
http://blog.zoller.lu/2008/12/in-wild-ie7-0day-update.html

Similar to the idea of Race to Zero which was a challenge to evade AV detection as fast as possible (until 0 AV engines recognised the sample), this chart above displays the number of Anti-Virus software currently detecting the non-patched IE6,7,8 0day used to compromised computers all over the world. A race to 100, so to say. I will update the chart and the post below regularly. 38 would be 100%

2 comments

pa said... @ 23 December, 2008 12:03

Wouldn't that be a good idea for a program, that scans your software for security flaws? Like an anti-virus for security flaws. Instead of a virus list, it would have a flaw list.

Ives said... @ 11 July, 2010 15:02

I think too it would be a good idea for a program

Post a Comment