by hrjet 4531 days ago
* Publish a list of vulnerabilities to manufacturers first and, in time, to public.

* Make an open-source scanner that reports (to the user) vulnerabilities in user's hardware / software.

* Spread awareness about security to the general public. This includes making them aware of the above two, as well as low-hanging fruit such as "stronger passwords", "don't reuse passwords", etc.

* Have regulatory bodies that shame / ban manufacturers that don't publish security updates. I am not a fan of regulation, but this is much more appropriate regulation than banning manufacturers for designing rounded corners around screens.

* Create an agency where white-hat hackers can independently submit their findings and sponsor their work.

These are just off the top of my head; I would love it if someone criticized them.

1 comments

There are some interesting ideas in here. Comments:

* Even private vulnerability research venues don't reliably publish to the public. When vendors pay bounties, they often keep the vulnerabilities quiet.

* NSA already does security awareness. For instance, they publish a highly-regarded series of documents on secure standard configurations for Unix and Windows systems.

* NSA can't regulate industry; they have no such authority.

* You're really comfortable with the idea of NSA outbidding private venues for vulnerabilities? (Note that the USG already does sponsor "white hat hackers" through the DARPA grant system).

The approach suggested by the parent comment needn't be contained entirely within the NSA, or even involve the NSA at all.