Ms. Stone is part of a security team known as Project Zero, which has tracked more than 150 zero-day bugs over the past six years. According to Ms. Stone, security teams often fix software vulnerabilities incompletely, and hackers can get back in by changing a few lines of code or adding a few tweaks.
Ms. Stone said security teams at software firms are often working with limited resources and time, which may contribute to zero-day vulnerabilities. Security teams, she said, often focus on fixing a specific flaw rather than the root cause of that flaw in its entirety.
“We’re not requiring attackers to come up with all new bug classes, develop brand new exploitation, look at code that has never been researched before,” Ms. Stone said during a Feb. 16 security conference, according to MIT Technology Review. “We’re allowing the reuse of lots of different vulnerabilities that we previously knew about.”