I dunno, it's a pretty weak argument, the victim can detect it and then use it to attack other people. That has really happened, e.g. Shadow Brokers.
Replying to @taviso @saleemrash1d and
are entities capable of detecting use of such 0day really unable to procure 0day on their own anyway?
Replying to @qwertyoruiopz @saleemrash1d and
In some cases, sure - hard to imagine some terrorist in a cave has access to a 0day broker. To be clear, I absolutely think the military should be able to get access to comms equipment of dangerous people, but... not by putting innocent people at risk.
Replying to @taviso @saleemrash1d and
is some terrorist in a cave able to detect use of 0day and re-weaponize it against others? seems far-fetched. and as long as governments aren't actively planting 0day, i'd assume innocent people were at risk the whole time anyway, but unaware.
Replying to @qwertyoruiopz @saleemrash1d and
Yes, innocent people are at risk the whole time anyway, and I think you're obligated to help them. Otherwise it's like finding someone having a heart attack and saying "If I had taken the long way home, I wouldn't have found you, so no ethical obligation to call an ambulance"?
Replying to @taviso @saleemrash1d and
likelihood of anyone at all finding 0day is lower if there's a weaker economic incentive to do so, and hey, people who sell 0day may even report a good amount of bugs, too.
Replying to @qwertyoruiopz @saleemrash1d and
Hmm, I think your argument is that it's better to have people incentivized to find bugs and exploit them, because there's a small chance they will be caught. If they didn't find them, that would buy people trying to fix them time, so isn't that worse?
Replying to @taviso @saleemrash1d and
not really, you assume that the bad guys wouldn't also be looking?
Replying to @qwertyoruiopz @saleemrash1d and
No, because it makes no difference to those of us trying to fix bugs what the 0day market looks like. So if bad guys are looking less because they have less incentives, that gives us an advantage.
Replying to @taviso @saleemrash1d and
isn't giving more time to people who fix bugs out of the goodness of their heart (or goog salary, I guess?) at the cost of less overall bugs being killed at all worse for the innocent 3rd party?
1 reply 0 retweets 0 likes
I don't follow this argument, it really seems like a convenient rationalization 