That's not the argument, nobody is shedding tears for child abusers getting popped by the feds. The problem is you can't stop other people from abusing the same vulnerability, so you're putting innocent people in harm's way.
Replying to @taviso @josephfcox
Same argument could be made for reporting and patching though. Conficker, et al.
1 reply 0 retweets 11 likes -
Replying to @MalwareTechBlog @josephfcox
There is no perfect solution, the best we can do is optimize. I think reporting and patching vulnerabilities has better properties than hoarding them and praying only people you like discover them.
0 replies 8 retweets 48 likes -
I think that might be a false dichotomy
1 reply 1 retweet 1 like -
Replying to @taviso @scriptjunkie1 and
I'm with @scriptjunkie1. The false dichotomy is thinking Alice gets to choose between (a) reporting bugs to vendors full time or (b) selling bugs to responsible brokers. (a) doesn't pay a salary. So the choice is between (b) and not looking for bugs at all.
2 replies 0 retweets 6 likes -
Replying to @tylerni7 @scriptjunkie1 and
You're just restating the same false dichotomy. Secondly, it's just plain wrong, it's absolutely possible to work in security research without having to sell exploits. There is no moral dilemma here.
1 reply 1 retweet 5 likes
Not sure recruiter spam is a useful measure of anything. The vast (very vast) majority of people who work in security research do so without selling exploits.