To read the full version of this content please select one of the options below:

Vulnerabilities disclosure deeply divides

Thursday, May 25, 2017

Subject

Vulnerability disclosure debates.

Significance

When intelligence agencies discover vulnerabilities in computer systems, they face a choice: either to make public their existence, which could allow them to be fixed and thus protect civilian end-users from cyberattack, or to conceal the knowledge and exploit the vulnerabilities for future intelligence and cyber operations. As the recent WannaCry ransomware attack shows, the decision is far from clear-cut.

Impacts

  • Large releases of vulnerabilities may hamper intelligence agencies in conducting intelligence gathering and offensive cyber operations.
  • Technology firms will continue to argue for a large release of vulnerabilities, but the security benefits are mixed.
  • Russia, China, Iran and North Korea enjoy an asymmetrical advantage, with their cyberagencies under less commerical pressure to disclose.
Expert Briefings Powered by Oxford Analytica
Stay up to date
Sign up to the Expert Daily Briefings email alert and receive up-to-the-minute analysis of global events as they happen.
*If your university does not have access to Expert Briefings, visit our information page to find out more.