You take this, add in a dash of a Kentucky bill aimed to prevent real-time media reporting when an injury is involved (a tad specific) and it’s just a hop-skip-n-a-jump to White Christmas - it’s on NF now in the states…
Stories like this always make me recall a fantasy - and I wonder why it’s not a strategy? What if security researchers agreed on a site - kind of a programmers’ WikiLeaks. So when a weakness is discovered, documentation can suddenly show up in a public place, anonymized. Then all the hacker types can shout, “I’m Spartacus!” “No, I’m Spartacus!”
THAT. We need this.
Possibly with some sort of bug bounties (crowdsourced? vendor-backed?) to provide a competition to the already existing zeroday market.
…and possibly also some way to easily leak schematics, service docs, and “confidential” datasheets for parts; SONY, I am looking at YOU and your ilk.
Yes this is needed!
I hope the W3C does something, but the cynic in me thinks they will roll over and do nothing.
I hope they will pit the megacorps against each other into quarrels that no side is willing to concede, and then stay on the sidelines and stall for time.
Depends on what kind of harm a zero day does. There is a reason why a lot of vendors (including my own) ask for responsible disclosures and run bug bounty programs.