A zero-day, meaning a tool used to exploit a newly discovered computer vulnerability, alone does not make an attack. It is but one element of many in an attack, chain and there's much more we can do to increase the odds attacks are defeated. I recently participated in The Cipher ...

Zero-day vulnerabilities -- security flaws in commercial software or hardware for which developers haven’t devised a patch -- have existed since the dawn of the Digital Age, but today, former NSA and CIA director Michael Hayden said at a meeting of cyber security experts convened by The Cipher Brief, they’re ...

Few topics lend themselves to more polemics than government collection and exploitation of zero-day vulnerabilities, or security flaws in commercial software and hardware not yet disclosed to the vendors, to facilitate intelligence gathering efforts. The choices for intelligence agencies are, in short, to either collect and retain zero-day vulnerabilities to ...

With the seemingly constant barrage of leaks revealing the U.S. intelligence community’s hacking capabilities, many are wondering where government draws the line between priorities of intelligence collection versus assisting companies to secure their products in order to keep the digital lives of U.S. citizens and companies secure. The Cipher Brief ...

Wikileaks’ “Vault7” disclosure last month of apparent CIA hacking tools marked the third recent incident in which an inadvertent public release of alleged government hacking techniques has sent the private sector scrambling to protect users. The two others involved a release of alleged NSA tools by group that calls itself ...