Dailydave mailing list archives
Re: Neal Stephenson, the EFF and Exploit Sales
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Tue, 14 Aug 2012 11:37:33 -0700
That's an assertion, and it really only holds logical water through the implicit premise that 'governments' are the only significant group that holds 0day without releasing them, and that 0day can't be in two places at once. I'd imagine you've already seen my point.
To be perfectly clear, I merely think that both sides have something resembling a valid argument, and I'm equally uncomfortable with both. I do think that *any* entity amassing 0-days is detrimental to the health of the Internet, precisely because of the risk of leaks and independent rediscovery; the culture of full disclosure may be not in the best interest of any individual researcher or entity, but it sort of helps them in the long haul. I find it unfortunate that the governments are so eager to play the game, because this leads to the proliferation of exploit trade. My personal thoughts aside, I am certainly not comfortable with any calls to control or curb the development of offensive software, though. When it comes to the idea that governments should take the moral high ground and not participate - which seems to be the argument EFF is making - I'm ambivalent. On one hand, it sounds interesting, on the other, is probably a pipe dream: we could just as well propose that they stop stockpiling weapons and going to wars.
As an aside, I'm fascinated by the constant emphasis on 0day here,
Well, that's sort of the premise of the whole thread. But yeah, I think this thread is about four times as serious and self-absorbed as it should be =) /mz _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Neal Stephenson, the EFF and Exploit Sales Dave Aitel (Aug 08)
- Re: Neal Stephenson, the EFF and Exploit Sales Kyle Maxwell (Aug 10)
- Re: Neal Stephenson, the EFF and Exploit Sales Dave Aitel (Aug 10)
- Re: Neal Stephenson, the EFF and Exploit Sales Michal Zalewski (Aug 13)
- Re: Neal Stephenson, the EFF and Exploit Sales Jason Syversen (Aug 14)
- Re: Neal Stephenson, the EFF and Exploit Sales Ben Nagy (Aug 14)
- Re: Neal Stephenson, the EFF and Exploit Sales Bas Alberts (Aug 14)
- Re: Neal Stephenson, the EFF and Exploit Sales Michal Zalewski (Aug 14)
- Re: Neal Stephenson, the EFF and Exploit Sales Dave Aitel (Aug 10)
- Re: Neal Stephenson, the EFF and Exploit Sales Don Bailey (Aug 13)
- Re: Neal Stephenson, the EFF and Exploit Sales Christian Heinrich (Aug 13)
- Re: Neal Stephenson, the EFF and Exploit Sales Tracy Reed (Aug 13)
- Re: Neal Stephenson, the EFF and Exploit Sales Adam Shostack (Aug 14)
- Re: Neal Stephenson, the EFF and Exploit Sales Kyle Maxwell (Aug 10)
- Re: Neal Stephenson, the EFF and Exploit Sales Haroon Meer (Aug 14)
- Re: Neal Stephenson, the EFF and Exploit Sales Rich Mogull (Aug 17)
- <Possible follow-ups>
- Re: Neal Stephenson, the EFF and Exploit Sales Loose Tweets (Aug 10)
- Re: Neal Stephenson, the EFF and Exploit Sales Loose Tweets (Aug 14)