ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: The CIA mentions us

2017-03-12 12:35:52
from [Rich Kulawiec] [Permanent Link] 
On Thu, Mar 09, 2017 at 10:36:07PM +0200, Jari Arkko wrote:

2. There is no such thing as privileged access to the good guys. It
will leak / break / be shared.

3. Secretly held vulnerabilities make us all less safe.



Two points:

A) Worth noting (h/t to Richard Forno):

        Rand: The Life and Times of Zero-Day Vulnerabilities and Their Exploits
        http://www.rand.org/pubs/research_reports/RR1751.html

The key findings are highly illuminating -- particularly the observation that
the median time -- the *median* time -- to develop an exploit for a zero-day
vulnerability is 22 days.

B) What one government knows, another will know soon.  There are enormous
resources available for this task and vulnerability information, unlike
some other forms of intelligence, can be immediately used with plausible
deniability and without attribution.

---rsk
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Json] secdir review of draft-ietf-jsonbis-rfc7159bis-03, Carsten Bormann
Next by Date:  Re: [Spasm] Last Call: <draft-ietf-lamps-eai-addresses-05.txt> (Internationalized Email Addresses in X.509 certificates) to Proposed Standard, Wei Chuang
Previous by Thread:  RE: The CIA mentions us, Tony Hain
Next by Thread:  Re: Last Call: <draft-ietf-lamps-eai-addresses-05.txt> (Internationalized Email Addresses in X.509 certificates) to Proposed Standard, Russ Housley
Indexes:  [Date] [Thread] [Top] [All Lists]