On 18/07/14 01:02, coderman wrote:
> as thought experiment: a hidden site is set up by presumed
> trustworthy experts. exploits are funneled there, then they all
> dry up.
>
> - congratulations! NSA is out of 0day! ?
> - congratulations! NSA is not using 0day over Internet! ?
> - technique for catching 0day has been compromised. start over,...
>
> explain to me how any public effort will not fall into the last
> trap, repeatedly.

Assuming the effort doesn't stop when exploits dry up, but instead looks for new ways to attract exploits, what's the problem?

> if your concern is security for the public, do it by making the
> software we use more difficult to exploit as a whole, rather than
> fixating on free exploits from NSA for a particular vulnerability
> among many.

That sounds like a false dichotomy to me. Publicising a specific exploit may spur the development of general as well as specific mitigations.

Cheers,
Michael

--
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
