RAND study examines 200 real-world 'zero-day' software vulnerabilities

(RAND Corporation) Zero-day software vulnerabilities -- security holes that developers haven't fixed or aren't aware of --- can lurk undetected for years, leaving software users particularly susceptible to hackers. A new study from the RAND Corporation, based on rare access to a dataset of more than 200 such vulnerabilities, provides insights about what entities should do when they discover them.