Should U.S. Hackers Fix Cybersecurity Holes Or Exploit Them?
Maybe someday we'll patch vulnerabilities faster than the enemy can use them in an attack, but we're not there yet.
There’s a debate going on about whether the U.S. government—specifically, the NSA and United States Cyber Command—should stockpile Internet vulnerabilities or disclose and fix them. It's a complicated problem, and one that starkly illustrates the difficulty of separating attack and defense in cyberspace.
A software vulnerability is a programming mistake that gives an adversary access to the affected system. Heartbleed is a recent example, but hundreds are discovered every year.
Unpublished vulnerabilities are called “zero-day” vulnerabilities, and they’re very valuable because no one is protected. Someone with one of those can attack systems world-wide with impunity...
- Tags:
- Cory Doctorow
- cyberweapons
- Dan Geer
- Federal Bureau of Investigation (FBI)
- hackers
- Heartbleed
- internet security
- Jack Goldsmith
- Michael Hayden
- National Security Agency (NSA)
- NOBUS
- Review Group on Intelligence and Communications Technologies
- software vulnerability
- Stuxnet
- U.S. Cyber Command (USCYBERCOM)
- U.S. Department of Defense (DoD)
- zero-day vulnerabilities