you argue that this is still good anyway because it buys "people who kill bugs" time, but is that really good for the hypothetical innocent person who now is half as expensive to pwn?
Replying to @qwertyoruiopz @saleemrash1d and
That's not what happens though, you know how difficult an exploit is to create, you literally cannot do it for minimum wage, even if that's the market rate. If the market evaporates, then less exploits are produced.
Replying to @taviso @saleemrash1d and
like, sure, true: *overall* less exploits will be produced, but the amount of exploits that the bad guys will have available will be just the same or more.
Replying to @qwertyoruiopz @saleemrash1d and
I don't follow sorry, if less exploits will be produced then how will they have more available?
Replying to @taviso @qwertyoruiopz and
I don’t get this line of thinking; it’s as if the argument being made is the only market for 0 days is the government? That seems specious?
Replying to @rmhrisk @qwertyoruiopz and
No, an exploit costs a lot of money to produce, and government spending means that money is available. If that money dries up, then less exploits will be produced.
the real Q then is: to whom is it good that less exploits are produced? certainly not to the individual bystander. maybe it's good for the "0day slayer" group since it gives them time, but i don't think that's an outcome that is better for anyone else.
Replying to @qwertyoruiopz @rmhrisk and
Is fixing bugs generally good for society? If you disagree, then it seems you must be in favour of key escrow for governments?
less exploits being produced != more bugs being fixed.
Replying to @qwertyoruiopz @taviso and
your argument here was that less exploits being produced = more time for those who kill bugs to do so before exploits happen, but i don't see how that benefits anyone if overall bad guys have just as many exploits.
I think you're saying that less exploits being sold also means less bugs being fixed, but I don't follow, how does that work?
less exploits being sold = less research being done, even research that's not-for-sale = less bugs overall fixed. you can argue it's a very small effect and I'd agree, but no such implication is actually needed: even if the same exact amount of bugs are fixed, getting rid of
Replying to @qwertyoruiopz @taviso and
"the good guys with the exploits" doesn't affect the rate at which innocents are being targeted by "the bad guys with the exploits", or it might even increase it since now 0day is cheaper for the bad guys to acquire :)