<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: Who Should be Liable?</title>
	<atom:link href="http://spiresecurity.com/?feed=rss2&#038;p=298" rel="self" type="application/rss+xml" />
	<link>http://spiresecurity.com/?p=298</link>
	<description>Risk and Cybersecurity Analysis</description>
	<lastBuildDate>Wed, 21 Aug 2013 23:28:51 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.5.1</generator>
	<item>
		<title>By: toys</title>
		<link>http://spiresecurity.com/?p=298&#038;cpage=1#comment-423</link>
		<dc:creator>toys</dc:creator>
		<pubDate>Wed, 01 Aug 2007 18:12:01 +0000</pubDate>
		<guid isPermaLink="false">http://spiresecurity.com/blog/?p=298#comment-423</guid>
		<description><![CDATA[These auctions are a bit like the whole guns for cash system set up in some cities, aren’t they?  “Bring in your gun, and no questions asked we’ll give you money to take it off your hands” becomes “Bring in your vulnerabilities, and no questions asked we’ll offer money to prevent you from using them against us.”  The questions in both cases are essentially the same.  1.  Is this a reward for bad behavior?  Or, phrased in starker terms: is this blackmail?  2.  What happens if the government (or in this case the programmer affected) is outbid?  Are we creating a situation where those who want to do harm can easily identify where the tools to do that harm are located?  But the larger question that underlies all of this, a question that Grossman obviously answers in the affirmative, is whether or not we accept that the free market should be pure in all cases, even when it comes to matters of security.  And, as you suggest here, is this a fair and reasonable state of affairs if we accept that no code is ever going to be produced without vulnerabilities?
]]></description>
		<content:encoded><![CDATA[<p>These auctions are a bit like the whole guns for cash system set up in some cities, aren’t they?  “Bring in your gun, and no questions asked we’ll give you money to take it off your hands” becomes “Bring in your vulnerabilities, and no questions asked we’ll offer money to prevent you from using them against us.”  The questions in both cases are essentially the same.  1.  Is this a reward for bad behavior?  Or, phrased in starker terms: is this blackmail?  2.  What happens if the government (or in this case the programmer affected) is outbid?  Are we creating a situation where those who want to do harm can easily identify where the tools to do that harm are located?  But the larger question that underlies all of this, a question that Grossman obviously answers in the affirmative, is whether or not we accept that the free market should be pure in all cases, even when it comes to matters of security.  And, as you suggest here, is this a fair and reasonable state of affairs if we accept that no code is ever going to be produced without vulnerabilities?</p>
]]></content:encoded>
	</item>
</channel>
</rss>
