
No, the US Government Should Not Disclose All Vulnerabilities in Its Possession - toufka
https://lawfareblog.com/no-us-government-should-not-disclose-all-vulnerabilities-its-possession
======
toufka
Written by Rick Ledgett, the Deputy Director of the NSA from January 2014
through April 2017.

> Such disclosure would be tantamount to unilateral disarmament in an area
> where the U.S. cannot afford to be unarmed... It is no exaggeration to say
> that giving up those capabilities would cost lives.

> Software vendors need to continue working to build better software, and to
> provide patching support for software deployed in critical infrastructure.
> Customers need to budget and plan for upgrades as part of the going-in cost
> of IT, or for compensatory measures when upgrades are impossible. Those who
> discover vulnerabilities need to responsibly disclose them or, if they are
> retained for national security purposes, adequately safeguard them. And the
> partnership of intelligence, law enforcement, and industry needs to work
> together to identify and disrupt actors who use these vulnerabilities for
> their criminal and destructive ends.

