[Dailydave] Neal Stephenson, the EFF and Exploit Sales

Michal Zalewski lcamtuf at coredump.cx
Fri Aug 10 18:09:00 EDT 2012

EFF takes a variety of positions on a variety of topics - and while
they are great folks, if this is the first time you disagree with one
of their positions, I'm surprised :-)

That said... the side effect of governments racing to hoard 0-days and
withhold them from the general public is that this drastically
increases the number of 0-day vulnerabilities that are known and
unpatched at any given time. This makes the Internet statistically
less safe, and gives the government a monopoly in deciding who is
"important enough" to get that information and patch themselves. The
disparity in purchasing power is also troubling, given that
governments have tons of "free money" to spend on defense, and are
eager to do so, outcompeting any other buyers.

So I don't find EFF's argument particularly weird; it's possible to
hold that position and believe that the current patterns of
vulnerability trade are detrimental to the health of the Internet.
It's also possible to hold a different view.


More information about the Dailydave mailing list