"Making Zero-Day Flaws Disappear"

According to Maddie Stone, a security researcher on Google's Project Zero bug-hunting team, about 21 zero-day vulnerabilities have been discovered so far in 2021. If that pace continues, the number of zero-day vulnerabilities found this year is expected to exceed 60. The team found a total of 24 zero-day flaws last year. The significant growth in zero-day vulnerabilities is attributed to improved visibility into the bigger picture rather than solely to more exploitation. Stone says the key to battling zero-day exploits is raising defensive barriers and employing new methods that increase the work required of exploit writers. There are various ways to raise attacker costs, including the time and money they must spend. Software developers are encouraged to write more complete patches, so that a single patch addresses closely related vulnerabilities (variants) rather than only the reported instance; nearly 25 percent of the zero-day flaws discovered in 2020 were closely related to previously disclosed vulnerabilities. The window of time between the detection of a zero-day flaw and the release of a patch must also be minimized, as this timeline often stretches from a few weeks to a couple of months. To shrink this timeline, Stone calls for rethinking how vulnerability mitigations are delivered for software and devices, with emphasis on making mitigation options available within seven days to weaken the impact of the flaw. It is also important to increase the adoption of Rust, Go, and other memory-safe programming languages, which are designed to prevent programmers from introducing certain classes of bugs related to how memory is used. This article continues to discuss the growth in zero-day vulnerabilities and different strategies for raising the costs attackers incur in exploiting such flaws.

InfoRiskToday reports "Making Zero-Day Flaws Disappear"