Trace Unix exploit code in the late 1980s and early 1990s and you'll find that vulnerability information and exploit code commonly circulated in the underground long before they made their way to FIRST, CERT or Bugtraq circles. Attackers used this knowledge as trump cards: Even if your Unix machine patches were up to date, you obviously had no patch for unknown holes. These vulnerabilities still exist today, leaving many systems in a "pants-down" state. This phenomenon is one of the primary reasons defense-in-depth strategies are so important. We're not battling just the known; we're battling the unknown too.
The link for this article located at NWC is no longer available.