[Dailydave] Neal Stephenson, the EFF and Exploit Sales

[Loose Tweets]

> "Unfortunately, if these exploits are being bought by governments for
> offensive purposes, then there is pressure to selectively harden
> sensitive targets while keeping the attack secret from everyone else,
> leaving technology—and its users—vulnerable to attack."

> So, taking these two together, what the EFF seems to advocate is that
> vulnerabilities and such purchased with the intent to be used for
> offensive operations should also be used in some way for defensive
> operations. Subject to OPSEC concerns, I think this is more or less
> correct: if we know of a bug, we know it has a limited shelf life
> (especially once it's used). It makes sense to then transition to
> fixing the same problem in our systems.

I get it now! If we just patch *all* the bugs, then there will be no
bugs left for anyone else to exploit. Guys, this is brilliant. How did
we get scooped by a few lawyers at the EFF when we've been working on
this for years?

-LT