The Cyber Cold War is upon us. Nation-states around the world are stockpiling zero-day exploits against widely-used programs and products. The goal? Some countries would say the best defense is a good offense; that they want to have a bigger cyber “stick” than the other guys. Others might suggest these tactics are purely an insurance policy. Regardless of motivation, governments that actively conceal zero-days are making society less safe.
In a recent SC Magazine article, WatchGuard CTO Corey Nachreiner and other security experts weigh the perceived benefits of stockpiling vulnerabilities as international cyber weapons against the negative impact these practices can have on businesses and the general public.
“It makes much more sense to me to aggressively repair all vulnerabilities so your adversaries have minimal technological issues to use against you and your citizens,” said Corey. “A software vulnerability is like a buried landmine waiting for anyone to step on it. If you find one in a well-traveled area and decide to leave it in hopes your enemy steps on it, you risk letting your allies step on it too. Especially when even the friendliest of nations tend not to share exploits with each other.”