Thursday, May 22, 2014

Should the NSA Disclose Exploits it Discovers?

A very important part of any attack is the ability to defend against it. One of the reasons for research into chemical and biological weapons is to be ready with a defense if or when an enemy develops them. The United State is far more dependent on electronic systems and networks than most of those attacking us. This disparity causes the MAD approach to favor the enemy.

Bruce Schneier makes a good point that, if there really are a large number of vulnerabilities then each side may be discovering different ones. This means that patching any discovered at this end would close it off from any exploitation but may not affect the ability of the other side to use another exploit. However, that seems more an argument for getting critical infrastructure off the public networks than for keeping the information secret.

Disclosing vs. Hoarding Vulnerabilities

No comments:

Post a Comment

Off topic comments will be deleted. Comments with spelling or grammar errors may be deleted unless they have hoplophobic or statist content in which case they will be highlighted and ridiculed.