Dailydave mailing list archives
Re: Sympathy for the Devil
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Thu, 5 Apr 2012 21:16:48 -0700
The ethical choices aren't between harming computers or not harming them. The choices are between harming computers or harming people.
Uh, all sides of the debate are guilty of gross exaggeration - both in terms of the positive / negative impact of that trade, and the profits involved. And claims like that don't really help. I don't have any fundamental issue with people getting paid for vulnerability research. I may take offense if I believe the cause they are supporting is harmful to me or to the society at large, but it's seldom that black and white. So for most part, I'm ambivalent. The most significant problem I see with sales to "friendly governments" is that from a purely pragmatic standpoint, stuff leaks. A lot. Perhaps less so if it's used for the development of Stuxnet - but more so in the infinitely more common case of being passed around a plethora of private contractors and "vulnerability intelligence" companies that can't quite configure their PHP+SQL well; or getting incorporated into "everyday" surveillance tools. So I'm not exactly happy with the growing body of institutionalized, weaponized 0-day knowledge, and I think it's a good thing for the Internet. I don't think it should be regulated, but it's perfectly fair to call that out. Now, it's a separate topic that I don't personally think highly of people who sell to the highest bidder, without giving any consideration to what happens next - because really, not all of this is sold to "friendly governments". Again, it should probably be within their rights to exhibit this opportunistic lack of interest, but then, they probably shouldn't take offense in hearing an occasional rant. [ Fitting: http://3.bp.blogspot.com/_JK1WmVzbCkA/StiGD_mhlYI/AAAAAAAAAUE/mpwzM2v32GI/s400/oldman.jpg ] /mz _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Sympathy for the Devil Ben Nagy (Apr 05)
- Re: Sympathy for the Devil Michal Zalewski (Apr 05)
- Re: Sympathy for the Devil Robert Graham (Apr 05)
- Re: Sympathy for the Devil Michal Zalewski (Apr 05)