undefined | Better HN

0 pointsipsin13y ago0 comments

Even if they weren't scripted, they were mostly softballs, and the talk was more an introduction than a detailed roadmap.

The most interesting question was about whether the NSA would prefer a perfectly secure internet or a usefully insecure one (roughly paraphrased).

That's not far from what I wanted to ask: given the offensive value of 0-day exploits (as seen with Stuxnet, regardless of who actually did it), can agencies in "Cyber Command" really be trusted to give theirs up via responsible disclosure?

0 comments

2 comments · 1 top-level

lawnchair_larry13y ago· 1 in thread

Your definition of "responsible" is not the same as everyone else. Try asking an actual question, not a question disguised to inject a moral judgment and re-ignite the disclosure debate that everyone was sick of 20 years ago.

ipsinOP13y ago

Late to the party, but... you really couldn't find a question in there? Let me try again.

My definition of "responsible" doesn't matter. I was suggesting that the government could adopt a policy it considers responsible, rather than just sitting on the exploits and using them for strategic advantage.

Unless there's a definition of "disclosure" that involves failing to disclose things to those in a position to fix the problems.

j / k navigate · click thread line to collapse