The Zero-Day Dilemma: Should Government Disclose Company Cyber Security Gaps?

Few topics lend themselves to more polemics than government collection and exploitation of zero-day vulnerabilities, or security flaws in commercial software and hardware not yet disclosed to the vendors, to facilitate intelligence gathering efforts.

The choices for intelligence agencies are, in short, to either collect and retain zero-day vulnerabilities to glean crucial intelligence, or, instead, to collect and disclose security flaws to companies so that they may design and distribute patches for them.

“The Cipher Brief has become the most popular outlet for former intelligence officers; no media outlet is even a close second to The Cipher Brief in terms of the number of articles published by formers.” —Sept. 2018, Studies in Intelligence, Vol. 62

Access all of The Cipher Brief’s national security-focused expert insight by becoming a Cipher Brief Subscriber+ Member.


Related Articles