Life cycle of a security bug, roughly

• It is first discovered

• It is first exploited, usually manually

• It is announced

• A patch is made available

• Some people patch the hole

• A worm or virus exploits the hole

• More people patch it

• Eventually the software goes away

Previous slide

Next slide

Back to first slide

View graphic version