A new RAND Corporation study concludes that these “zero day” exploits, and the vulnerabilities they are based on, last longer than most thought. It found that the average vulnerability had a “life expectancy” of 6.9 years before it became useless to hackers.