by Zigurd
3709 days ago
In the abstract it seems OK for researchers to simply sit on vulns they have found, but is that what really happens? Why do that? Do they get sold eventually? Are there a lot of cases where the developer is hostile to fixing them? How OK this is depends on the eventual disposition. The other one seems clearer: "Disclosing vulnerabilities to vendors kills exploits." Well, yes. The problem is that, in the present situation, endpoint security is terrible. It seems unlikely that our government has made it possible for themselves to break endpoint security, but not the Chinese or any other nation, organized crime group, or other non-state actor with some software smarts. It may take some catastrophic infrastructure penetration or super-Snowden leak to show why this is unwise.