[Dailydave] Various things people say.

[Dave Aitel]

http://www.washingtonpost.com/world/national-security/nsa-considers-shifting-database-of-domestic-phone-logs-to-third-parties/2014/01/07/1df6b7f6-7718-11e3-8963-b4b654bcc9b2_story.html

*Should NSA point out holes?*

Among the weapons in the NSA's arsenal are "zero day" exploits, tools
that take advantage of previously unknown vulnerabilities in software
and hardware to break into a computer system. The panel recommended that
U.S. policy aim to block zero-day attacks by having the NSA and other
government agencies alert companies to vulnerabilities in their hardware
and software. That recommendation has drawn praise from security experts
such as Matt Blaze, a University of Pennsylvania computer scientist, who
said it would allow software developers and vendors to patch their
systems and protect consumers from attacks by others who may try to
exploit the same vulnerabilities.

"This is not to say that reporting a vulnerability means that NSA can't
also exploit it against their targets, only that their overall national
security role means that their first responsibility must be to work to
fix it," Blaze said.

But Schaeffer said: "You're taking a potential weapon away from the very
people we're asking to protect the nation. Those people ought to be able
to use their best technical professional judgment as to when it's
appropriate to alert industry that there's a vulnerability."


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20140108/682faeba/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20140108/682faeba/attachment.sig>