Yes, innocent people are at risk the whole time anyway, and I think you're obligated to help them. Otherwise it's like finding someone having a heart attack and saying "If I had taken the long way home, I wouldn't have found you, so no ethical obligation to call an ambulance"?
Replying to @taviso @saleemrash1d and
likelihood of anyone at all finding 0day is lower if there's a weaker economic incentive to do so, and hey, people who sell 0day may even report a good amount of bugs, too.
Replying to @qwertyoruiopz @saleemrash1d and
Hmm, I think your argument is that it's better to have people incentivized to find bugs and exploit them, because there's a small chance they will be caught. If they didn't find them, that would buy people trying to fix them time, so isn't that worse?
Replying to @taviso @saleemrash1d and
not really, you assume that the bad guys wouldn't also be looking?
Replying to @qwertyoruiopz @saleemrash1d and
No, because it makes no difference to those of us trying to fix bugs what the 0day market looks like. So if bad guys are looking less because they have less incentives, that gives us an advantage.
Replying to @taviso @saleemrash1d and
as in sure, there's less incentives market, bugs aren't used as much overall, but you're only really changing the rate at which "the good guys" use 0day, making 0day overall cheaper for "the bad guys"
Replying to @qwertyoruiopz @taviso and
you argue that this is still good anyway because it buys "people who kill bugs" time, but is that really good for the hypothetical innocent person who now is half as expensive to pwn?
Replying to @qwertyoruiopz @saleemrash1d and
That's not what happens though, you know how difficult an exploit is to create, you literally cannot do it for minimum wage, even if that's the market rate. If the market evaporates, then less exploits are produced.
Replying to @taviso @saleemrash1d and
i don't really follow this line of thought, is stealing 0day from governments the only source of 0day for "the bad guys"?
1 reply 1 retweet 2 likes
Sure, but that was a long time ago in computer years, things are different today 
Replying to @taviso @basalberts and
Yes now there’s a 600 billion dollar cybercrime market. https://www.google.com/amp/s/www.vice.com/amp/en_us/article/mbmmgx/uk-government-releases-photos-of-russian-hackers-whose-lives-look-awesome …
1 reply 0 retweets 0 likes -
(Camouflaged Lambos for everyone!)