For the last little while, Christopher Soghoian has attempted to highlight the dangers of the zero-day exploit market. The basics are that some vulnerability researchers are selling exploits to make money, without vetting who the end user will be, and in some cases knowingly selling them to militaries (he phrases it as governments, but the implication is that they aren't using them for defence). Soghoian, as I read it, is trying to highlight this trade, and get some sort of legislation passed to regulate it. (A darker reading would make it seem that he has a more aggressive agenda, but let's leave that aside for a moment.)
The worrying thing here is neatly summed up by Haroon:
The scariest thing about you, is how certain you are that you are right. Regulation is a scary instrument