That was a quote from the article that I wanted to highlight. I obviously did not write that (in case there is some confusion).
-dave On 1/8/2014 4:08 PM, Dave Aitel wrote: > > > http://www.washingtonpost.com/world/national-security/nsa-considers-shifting-database-of-domestic-phone-logs-to-third-parties/2014/01/07/1df6b7f6-7718-11e3-8963-b4b654bcc9b2_story.html > > *Should NSA point out holes?* > > Among the weapons in the NSA's arsenal are "zero day" exploits, tools > that take advantage of previously unknown vulnerabilities in software > and hardware to break into a computer system. The panel recommended > that U.S. policy aim to block zero-day attacks by having the NSA and > other government agencies alert companies to vulnerabilities in their > hardware and software. That recommendation has drawn praise from > security experts such as Matt Blaze, a University of Pennsylvania > computer scientist, who said it would allow software developers and > vendors to patch their systems and protect consumers from attacks by > others who may try to exploit the same vulnerabilities. > > "This is not to say that reporting a vulnerability means that NSA > can't also exploit it against their targets, only that their overall > national security role means that their first responsibility must be > to work to fix it," Blaze said. > > But Schaeffer said: "You're taking a potential weapon away from the > very people we're asking to protect the nation. Those people ought to > be able to use their best technical professional judgment as to when > it's appropriate to alert industry that there's a vulnerability." > > > > > _______________________________________________ > Dailydave mailing list > [email protected] > https://lists.immunityinc.com/mailman/listinfo/dailydave
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
