[timewizard]

> It's a really hard problem.

Classify them as weapons of mass destruction. That's what they are. That's how they should be managed in a legal framework and how you completely remove any incentives around their sale and use.

[kingaillas]

How about some penalties for their creation? If NSA is discovering or buying, someone else is creating them (even if unintentionally).

Otherwise corporations will be incentivized (even more than they are now) to pay minimal lip service to security - why bother investing beyond a token amount, enough to make PR claims when security inevitably fails - if there is effectively no penalty and secure programming eats into profits? Just shove all risk onto the legal system and government for investigation and clean up.

[JumpCrisscross]

> weapons of mass destruction. That's what they are

Seriously HN? Your Netflix password being compromised is equivalent to thermonuclear war?

[aczerepinski]

Think more along the lines of exploits that allow turning off a power grid, spinning a centrifuge too fast, or releasing a dam.

[JumpCrisscross]

> exploits that allow turning off a power grid, spinning a centrifuge too fast, or releasing a dam

By this definition trucks are WMDs because they, too, can blow up a dam.

Hyperbolic comparisons undermine the speaker’s authority. Zero Days aren’t WMDs.

[tptacek]

That is never, ever going to happen, and they are nothing at all like NBC weapons.

[joshfraser]

Yes. Except our government is the largest buyer.

[Symbiote]

The USA has 5044 nuclear missiles, so that shouldn't be a problem.