Stockpiling zero-day vulnerabilities
Stockpiling zero-day vulnerabilities
Posted Aug 21, 2012 13:08 UTC (Tue) by ortalo (guest, #4654)Parent article: Stockpiling zero-day vulnerabilities
First, for me, this is still part of the security "circus": a way to attract attention and money to security by spending some on marketing issues. (And, by the way, note armies are pretty good at the security circus in peace time...)
What should be valued most by people (and I do not necessarily mean that it should be monetized) are security guarantees, not vulnerabilities.
What should be valued most by people (and I do not necessarily mean that it should be monetized) are security guarantees, not vulnerabilities.
And investment decisions on such guarantees are much more difficult to do reliably than inventing threat scenarios that can attract attention of... some public.
Personnally, I would even argue that all open-source OSes have avoided taking such decisions since their start (either by taking purely extremist or purely pragmatic directions). But that would just be to start the discussion.