[Dailydave] Neal Stephenson, the EFF and Exploit Sales

Christian Heinrich christian.heinrich at cmlh.id.au
Fri Aug 10 19:54:39 EDT 2012


Dave,

I believe the cause of this confusion is similar to that of, say, GPL vs
BSD, i.e. both claim to represent Open Source but GPL has restrictions
while BSD doesn't.

The core issue is the actual confirmation that vulnerabilities have
been sold to government and the only academically vetted, please
withhold flames :), example that I am aware of that disputes this is
http://weis2007.econinfosec.org/papers/29.pdf.

Yes, it is possible that the market may have matured over the past
five years (i.e. I don't know) but I have observed someone claim to
know of someone else who had been offered +100K for a vulnerability
in 2006 and then went silent when presented with
http://weis2007.econinfosec.org/papers/29.pdf

The other issue in relation to selling to government good and/or bad
is the terrorist vs "freedom fighter" (depending on who you are in the
global community) point of view.

On Sat, Aug 11, 2012 at 5:57 AM, Dave Aitel <dave at immunityinc.com> wrote:
> So your theory here is that because the EFF is calling for regulation of
> the government's ability to use 0day it has bought, that they are still
> advocating some sort of freedom? Frankly, I can't for the life of me
> understand why the EFF would take these positions - they seem counter to
> its mission, if not just completely confusing. It's like some selection
> of people at the EFF got scared that 0day exists and took a random
> position on the matter, completely ignoring that their (former) support
> base has the opposite position on the "equities issue".

-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact

