From: Business Insider
Dave Aitel, CEO of Immunity Inc., a leading offensive security firm that serves major financial institutions, industrials, Fortune/Global 500s and US government/military agencies. He is a former NSA computer scientist and DARPA contractor.
In a recent article “Obama Policy on Zero Days Craps Out”, Stanford’s director of civil liberties Jennifer Granick made the case that the White House should be more forthcoming with its disclosures of “zero day” threats and other web/software vulnerabilities.
According to Granick, a recent statement by the White House on the Heartbleed bug and its policy on vulnerability disclosures “falls far short of a commitment to network security for all and fails to provide the reassurance the global public needs in the midst of the NSA’s security scandal.”
As someone who used to work at the NSA and has been steeped in the world of vulnerabilities for over a decade, I feel compelled to explain why this argument is so misguided and why critics like Ms. Granick are misinformed.
Leave a Reply