by tptacek
4532 days ago
There are some interesting ideas in here. Comments:

* Even private vulnerability research venues don't reliably publish to the public. When vendors pay bounties, they often keep the vulnerabilities quiet.
* NSA already does security awareness. For instance, they publish a highly-regarded series of documents on secure standard configurations for Unix and Windows systems.
* NSA can't regulate industry; they have no such authority.
* You're really comfortable with the idea of NSA outbidding private venues for vulnerabilities? (Note that the USG already does sponsor "white hat hackers" through the DARPA grant system).