The black hats have a significant advantage over the good guys. They have better knowledge of the vulnerabilities in our systems than the defenders do. How? Because they develop exploits and continually test them for efficacy before releasing them in the wild. But 0-day exploits are the least of our problems from a volumetric perspective. There’s much more ‘low hanging fruit’ for the picking, with over 14,000 known vulnerabilities (non-0day) with a CVSS rating of 7 or higher. But how will we know where these holes exist when current penetration testing tools support only about 10% of the vulnerabilities. This is an asymmetrical advantage for the bad guys.
Together, we can level the playing field, and more. Details to be announced here.