[ale] NPR IT-security miniseries this morning

Jay Lozier jslozier at gmail.com
Tue Feb 12 15:14:19 EST 2013


On 02/12/2013 11:54 AM, Ken Cochran wrote:
> Sent to the ALE list at least for the archive - likely many
> here heard this piece.  Fwiw, I wish the "cyber" prefix
> would Just Go Away - used to be kinda cool-ish but now very
> overworked/overused & just points to BS nowadays.
>
> This on NPR Morning Edition this morning:
>
> http://www.npr.org/2013/02/12/171737191/in-cyberwar-software-flaws-are-a-hot-commodity
>
> Likely nothing readers of this mailing list/group either don't
> already know or haven't long suspected, but disgusting anyway.
> Article comments appear to echo that sentiment.
>
> >From the article text:
>
> "There is no regulation of the vulnerability market in the
> U.S. There is a law prohibiting the export of software that
> provides penetration capabilities that would enable the users
> to attack, deny, disrupt or otherwise impair the use of computer
> infrastructure or networks. But there is no mandatory reporting
> of vulnerability sales."
>
> Hehe, and comments do indeed call-out an (umm...) Elephant
> In The Room vis-a-vis the above-quoted paragraph...  (Which I
> won't name here but it is rather obvious...  :)
>
> I've long lamented what Our Industry has become (re: current
> thread here on "awesome/scary").  An awful lot of Because We
> Can, as opposed to Because We Should.  {sigh}
>
> -kc
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>

IMHO any attempt to regulate the market for exploits will drive it 
further underground. Also, I wonder how many flaws are discovered and 
not reported because the discoverer did not recognize the error.

-- 
Jay Lozier
jslozier at gmail.com



More information about the Ale mailing list