Skip to main content

Posts

Showing posts from October 8, 2017

Zero-Day Vulnerabilities & US Government

via Lawrence Livermore National Laboratory Software “vulnerabilities” are security flaws that can be exploited to launch cyberattacks. Normally the vendors of IT products seek to patch such bugs soon after they are discovered. This makes some “zero-day vulnerabilities” – the ones that vendors still do not know about –particularly valuable to a variety of actors, including the companies, national governments, and criminals. While some national governments retain zero-days without reporting them to vendors in cases where the vulnerabilities appear particularly valuable for national intelligence or military objectives, some corporations use “bug bounty programs” to encourage hackers and security researchers to report bugs they discover to the vendor. Export controls have also sought to limit the international trade of vulnerabilities and exploits, though such efforts have led to unintended consequences such as the disruption of international cybersecurity research collaborations. Katie …