[Dailydave] Neal Stephenson, the EFF and Exploit Sales

Michal Zalewski lcamtuf at coredump.cx
Tue Aug 14 14:37:33 EDT 2012


> That's an assertion, and it really only holds logical water through
> the implicit premise that 'governments' are the only significant group
> that holds 0day without releasing them, and that 0day can't be in two
> places at once. I'd imagine you've already seen my point.

To be perfectly clear, I merely think that both sides have something
resembling a valid argument, and I'm equally uncomfortable with both.

I do think that *any* entity amassing 0-days is detrimental to the
health of the Internet, precisely because of the risk of leaks and
independent rediscovery; the culture of full disclosure may not be in
the best interest of any individual researcher or entity, but it sort
of helps them in the long haul.

I find it unfortunate that the governments are so eager to play the
game, because this leads to the proliferation of exploit trade. My
personal thoughts aside, I am certainly not comfortable with any calls
to control or curb the development of offensive software, though.

When it comes to the idea that governments should take the moral high
ground and not participate - which seems to be the argument EFF is
making - I'm ambivalent. On one hand, it sounds interesting; on the
other, it is probably a pipe dream: we could just as well propose that
they stop stockpiling weapons and going to wars.

> As an aside, I'm fascinated by the constant emphasis on 0day here,

Well, that's sort of the premise of the whole thread. But yeah, I
think this thread is about four times as serious and self-absorbed as
it should be =)

/mz

