As a thought experiment, if you had to choose between a key escrow system accessible to due process (with all the risks you've spelled out) xor eliminating criminal/state access to 0day exploits, which would you choose? (I'm not making a point, just curious about your position).
I think you might have me confused with someone else, I'm opposed to key escrow. My concern is that people are encouraging more exploit hoarding as a substitute for key escrow, which sounds like might be what you're doing?
-
-
I used to be a red teamer. When we found 0days, we used them for the assignment at hand, but also reported them to clients and vendors ASAP. Would you find that an amendable model?
-
Fixing them is the important thing, because you have no way of preventing people you disapprove of from finding them as well. I'm not sure if I can say it's ok to exploit them while being fixed, is it okay for UAE to do that too?
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

