CIA’s venture firm security chief: US should buy zero-days, reveal them

In-Q-Tel CISO tells Black Hat: end cyber arms race by “clearing the market.”

“We could pay 10 times the market price” for zero-day vulnerabilities, Geer said. “If we make them public, we zero the inventory of cyber weapons where it stands.”

The effectiveness of the strategy, he admitted, was “contingent on vulnerabilities being sparse—or at least less numerous.” And he expressed concern that the growth of vulnerabilities created by machine-written code could outstrip the ability of human researchers to keep up—rendering bug-hunting a form of “security theater.”

Read more at arstechnica.com.
