While withholding a zero-day’s existence can give a government some advantage, it can potentially harm the rest of us and break many elements of the global internet if vulnerabilities aren’t disclosed and patched.
By now, you probably know what a zero-day vulnerability is: in simple terms, it’s a newly discovered software or hardware coding error that attackers can exploit. Some of these errors are found by government researchers who are intentionally looking for ways into foreign agency networks to spy on their enemies. Sometimes, our governments and even some private companies deliberately keep mum about these vulnerabilities for many years.
For my Avast blog, I had an opportunity to interview Lindsey Polley about how she is trying to improve our government’s response to managing its zero-days.