[CentOS] what percent of time are there unpatched exploits against default config?

Fri Dec 30 15:15:00 UTC 2011
Lamar Owen <lowen at pari.edu>

On Wednesday, December 28, 2011 10:38:30 PM Craig White wrote:
> the top priority was to get the machine back online?
> Seems to me that you threw away the only opportunity to find out what
> you did wrong and to correct that so it doesn't happen again. You are
> left to endlessly suffer the endless possibilities and the extreme
> likelihood that it will happen again.

Agreed 100%.  There is an old saying that applies here 'penny wise but pound foolish.'

While getting back up quickly is a definite goal, fixing the underlying issue (which can only be done when the underlying issue is known!) is a far more important issue.  If downtime cannot be tolerated for a thorough investigation, then the high-availability plan needs to be adjusted to provide failover to another box/VM while the compromised box/VM is investigated.

As to the OP's original question about statistics, it seems to me that such statistics are useless for predictive analysis, and no matter how much history you have of past exploit timing this will not and cannot accurately predict the next exploit's timing or the exploitability of the next issue.

Now for risk assessment it might be useful to have some sort of metric, with the knowledge that no risk assessment is an accurate predictor of future exploitability.