The Zero-Day Dilemma: Should Government Disclose Company Cyber Security Gaps?

Few topics lend themselves to more polemics than government collection and exploitation of zero-day vulnerabilities, or security flaws in commercial software and hardware not yet disclosed to the vendors, to facilitate intelligence gathering efforts.

The choices for intelligence agencies are, in short, to either collect and retain zero-day vulnerabilities to glean crucial intelligence, or, instead, to collect and disclose security flaws to companies so that they may design and distribute patches for them.

Access all of The Cipher Brief’s national security-focused expert insight by becoming a Cipher Brief Subscriber+ Member.

Sign Up Log In


Related Articles

Search

Close