Hacker News new | ask | show | jobs
by ButtSpark69 1639 days ago
It's not the same thing to develop and keep an exploit for yourself, as it is to require the public companies in your country to report the important bugs they find while effectively also under a temporary gag order. They are super different things.
1 comments
clouddrover 1639 days ago
The super result is super the same: more vulnerabilities exploited for longer.
link
mlyle 1639 days ago
Surely you can see there's some difference in magnitude here, right? Which one does it more?

And even if the end result has some overlap, there's a bit of an ethical difference between:

* developing an exploit that you keep quiet

* preventing others from talking about exploits they discover

link
clouddrover 1639 days ago
Surely you can see that they're all bad actors, undermining the software and infrastructure that we all use, putting our systems and our data at risk through their grubby actions and even their grubby inaction, right?

I don't care which bunch of spies does it more. I don't want spies doing it at all.

link
mlyle 1639 days ago
> and even their grubby inaction, right?

Yah, I guess by not searching for new exploits tonight for public disclosure, I'm putting the entire software world marginally more at risk by "grubby inaction."

> I don't care which bunch of spies does it more. I don't want spies doing it at all.

I care: some bad actors in my government vs. forcing an entire massive economy to participate in bad actions will have massively different magnitudes of effect.

There's always going to be bad actors, but preventing 15% of the world's population from being good actors surely is a pretty significant thing.

link
mthoms 1639 days ago
Ethically, it’s not the same.
link
clouddrover 1639 days ago
There's nothing ethical about leaving your nation's infrastructure vulnerable to attack just because you want to indulge in the boy's own adventure of attacking the infrastructure of other nations.

It's not ethical. It's not professional. It's school boy stuff.

link
mthoms 1639 days ago
Whoa, I think we're on the same team. I was saying it's not ethical to tell only your gov't about the exploit, and not your customers.
link