|
|
|
|
|
|
by md_
3397 days ago
|
|
|
Sure, I guess. As I noted elsewhere in this thread, in general your risk is that the cost of exploitation is low (e.g. Android 4.x) or your value of exploitation is high (e.g. San Bernardino shooter). Open vs closed source is a distinction I don't see a lot of folks in the security community take seriously, and for good reason: it's a response to a very specific threat model, where your concern is not primarily accidental 0days but intentional backdoors. I would posit that the cost of a backdoor is probably higher than the cost of an 0day: the reputational risk to Google or Apple if they were discovered to have planted one is worth potentially billions of dollars in sales, so they will spend a lot of money fighting any such court order (and, as far as we know, such an order has never been successfully made). The counterargument here is that if the government did win such an order, the backdoor is the gift that keeps on giving, whereas 0days eventually get patched and fixed. But that's a long digression. For most users, this is simply the wrong threat model. |
|
|