That's not what happens though, you know how difficult an exploit is to create, you literally cannot do it for minimum wage, even if that's the market rate. If the market evaporates, then less exploits are produced.
-
-
Replying to @taviso @saleemrash1d and
like, sure, true: *overall* less exploits will be produced, but the amount of exploits that the bad guys will have available will be just the same or more.
1 reply 1 retweet 0 likes -
Replying to @qwertyoruiopz @saleemrash1d and
I don't follow sorry, if less exploits will be produced then how will they have more available?
2 replies 0 retweets 0 likes -
Replying to @taviso @qwertyoruiopz and
I don’t get this line of thinking it’s as if the argument being made is the only market for 0 days is the government? That seems specious?
1 reply 0 retweets 0 likes -
Replying to @rmhrisk @qwertyoruiopz and
No, an exploit costs a lot of money to produce, and government spending means that money is available. If that money dries up, then less exploits will be produced.
2 replies 0 retweets 2 likes -
the real Q then is: to whom is it good that less exploits are produced? certainly not to the individual bystander. maybe it's good for the "0day slayer" group since it gives them time, but i don't think that's an outcome that is better for anyone else.
1 reply 2 retweets 1 like -
Replying to @qwertyoruiopz @rmhrisk and
Is fixing bugs generally good for society? If you disagree, then it seems you must be in favour of key escrow for governments?
1 reply 0 retweets 0 likes -
less exploits being produced != more bugs being fixed.
2 replies 1 retweet 2 likes -
Replying to @qwertyoruiopz @rmhrisk and
No, but I thought we already agreed it buys more time, and also moves incentives towards fixing bugs rather than exploiting them. But... I am curious if you're in favour of key escrow for governments?
2 replies 0 retweets 0 likes -
i'm strong in favour of 0day, strong against key escrow.
2 replies 1 retweet 3 likes
What's your rationale, it seems like key escrow aligns with your philosophy of allowing governments access is a good thing?
-
-
it's a good thing if they do so with 0day, since it 1. has costs which limit scope of usage to only critical stuff, 2. it has a side effect of growing the security research community, meaning more eyeballs overall might end up killing bugs, 3. 0day is there no matter what.
2 replies 0 retweets 7 likes -
Replying to @qwertyoruiopz @rmhrisk and
They both have costs, just different costs. For example, presumably key escrow would require judicial approval. I think maybe you're counting costs per-exploit, not per-compromise, because they're pretty cost effective, no?
1 reply 0 retweets 0 likes - 41 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.