preview

For the Love of God Please Ban Zero Day Exploits

Decent Essays
There is an interesting discussion going on revolving around privacy experts, and security professional surrounding the use, and abuse of 0day exploits. Some of the talk comes surrounding a Bloomberg article titled: "US Contractors Scale Up Search for Heartbleed-Like Flaws " [1] The argument on the side of privacy / legal/ crypto experts (summarized) seems to be "we need to stop because it will get into the wrong hands" [2] "People are going to use it for the wrong reasons." Which is true to a degree but on a grand scale one of the most absurd things I have read in some time. No law pertaining to say guns, ever stopped a criminal from obtaining and using a gun. While one could argue the role of minimization of the usage of guns, I could argue back, the criminals could shift to using a knife, a knitting needle, a steak bone to inflict harm. The same can, and will likely apply to trying to stop the sale of 0day exploits. Let's be blunt about it the zero day market. There are ONLY two real procurers of zero day exploits: government and criminals. Criminalizing the sale of zero days is NOT going to stop the criminals, they're already underground doing what they do. Governments? Governments will do whatever they want. You can trick yourself into thinking they would stop if there were laws against it however, you'd be naive to think that some form of national security classification won't be slapped on the research, and the projects will move forward. Sort of akin to biological
Get Access