Some absolutely fascinating research has just come out on what percentages and types of vulnerabilities are actually exploited in the wild. It found that only 5.5% of vulnerabilities discovered between 2009 and 2018 were actually exploited, with most of those being issues with a CVSS score of 9 or 10. The best part of the paper, however, was a discussion of optimal patching strategies, where they looked at different methodologies for what to patch and measured them against each other based on coverage (no misses) and efficiency (not patching what you don't have to). Options included patching by CVSS, whether or not there are public exploits, by vulnerability tags, etc. The ML model performed best, but it seemed that patching the CVSS 7 and above was decent as well, and for more efficiency but less coverage—CVSS 9 and above. Super interesting paper. More

The US is going to start requiring 5 years of social media account history from Visa applicants, as part of the filtering process. I'm genuinely curious as to how effective this is going to be. On the one hand, there will now be a market for creating and maintaining fake social media accounts that people can use for this purpose. But on the other hand, there will be many who don't want to go to that effort and either won't try to come, or will get caught in the filter. As with most things, the efficacy will come down to execution. More

A team at Stanford has made it possible to edit video using a text editor. So, editing the things that were said by the actual subject, to say something else entirely, but having it seamlessly injected into the video so it looks completely natural. More

No clips