Open navigation menu

Welcome to Everand!

The Atlantic

Should U.S. Hackers Fix Cybersecurity Holes or Exploit Them?

Maybe someday we'll patch vulnerabilities faster than the enemy can use them in an attack, but we're not there yet.

by Bruce Schneier May 19, 2014 6 minutes

Source: Reuters

There’s a debate going on about whether the U.S. government—specifically, the NSA and United States Cyber Command—should stockpile Internet vulnerabilities or disclose and fix them. It's a complicated problem, and one that starkly illustrates the difficulty of separating attack and defense in cyberspace.

A software vulnerability is a programming mistake that allows an adversary access into that system. Heartbleed is a recent example, but hundreds are discovered every year.

Unpublished vulnerabilities are called “zero-day” vulnerabilities, and they’re very valuable because no one is protected. Someone with one of those can attack systems world-wide with impunity.

When someone discovers one, he can either use it for defense or for offense. Defense means alerting the vendor and getting it patched. Lots of vulnerabilities are discovered by the vendors themselves and patched without any fanfare. Others are discovered by researchers and hackers. A patch doesn’t make the vulnerability go away, but most users protect themselves by patch their systems regularly.

Offense means using

You’re reading a preview, subscribe to read more.

Start your free 30 days

Sharing Options

More from The Atlantic

The Atlantic7 min readAmerican Government

Could South Carolina Change Everything?

For more than four decades, South Carolina has been the decisive contest in the Republican presidential primaries—the state most likely to anoint the GOP’s eventual nominee. On Saturday, South Carolina seems poised to play that role again. Since the

The Atlantic4 min read

Hayao Miyazaki’s Anti-war Fantasia

Once, in a windowless conference room, I got into an argument with a minor Japanese-government official about Hayao Miyazaki. This was in 2017, three years after the director had announced his latest retirement from filmmaking. His final project was

The Atlantic5 min readAmerican Government

What Nikki Haley Is Trying to Prove

This is an edition of The Atlantic Daily, a newsletter that guides you through the biggest stories of the day, helps you discover new ideas, and recommends the best in culture. Sign up for it here. Nikki Haley faces terrible odds in her home state of

Related Books & Audiobooks

IT Security Concepts: 1, #1
Ebook
IT Security Concepts: 1, #1
byRavikumar Patel
Rating: 5 out of 5 stars
5/5
Protecting Our Future, Volume 1: Educating a Cybersecurity Workforce
Ebook
Protecting Our Future, Volume 1: Educating a Cybersecurity Workforce
byJane LeClair
Rating: 0 out of 5 stars
0 ratings
Zero Trust and Third-Party Risk: Reduce the Blast Radius
Audiobook
Zero Trust and Third-Party Risk: Reduce the Blast Radius
byGregory C. Rasner
Rating: 0 out of 5 stars
0 ratings
Penetration Testing Fundamentals -1: Penetration Testing Study Guide To Breaking Into Systems
Ebook
Penetration Testing Fundamentals -1: Penetration Testing Study Guide To Breaking Into Systems
byDevi Prasad
Rating: 0 out of 5 stars
0 ratings
Malware Analysis: Digital Forensics, Cybersecurity, And Incident Response
Audiobook
Malware Analysis: Digital Forensics, Cybersecurity, And Incident Response
byRob Botwright
Rating: 0 out of 5 stars
0 ratings
The Effects of Cybercrime in the U.S. and Abroad
Ebook
The Effects of Cybercrime in the U.S. and Abroad
byRandall Knight B.S. L.L.B L.L.M.
Rating: 0 out of 5 stars
0 ratings
Cybersecurity Policy A Complete Guide - 2020 Edition
Ebook
Cybersecurity Policy A Complete Guide - 2020 Edition
byGerardus Blokdyk
Rating: 0 out of 5 stars
0 ratings
How Cyber Security Can Protect Your Business: A guide for all stakeholders
Audiobook
How Cyber Security Can Protect Your Business: A guide for all stakeholders
byChristopher Wright
Rating: 0 out of 5 stars
0 ratings
Insider Threats
Ebook
Insider Threats
byMatthew Bunn
Rating: 5 out of 5 stars
5/5
Malicious URL Detection: Introduction
Ebook
Malicious URL Detection: Introduction
byDr. N. Jayakanthan
Rating: 0 out of 5 stars
0 ratings
Protecting Our Future, Volume 2: Educating a Cybersecurity Workforce
Ebook
Protecting Our Future, Volume 2: Educating a Cybersecurity Workforce
byJane LeClair
Rating: 0 out of 5 stars
0 ratings