Threat modelling for zero-day vulnerabilities
Threat modelling for zero-day vulnerabilities is a peculiar exercise in preparing for the unknowable. These are not the comfortable, catalogue‑ready bugs that live in CVE databases. These are the ones nobody—least of all the vendor—has seen fit to admit exist. They arrive without warning, without a patch, and with precisely zero days’ notice before being exploited. The task, therefore, is less about ticking boxes and more about building the sort of resilience that can withstand the unexpected without falling to pieces. ...