non disclosure
should be made a crime in itself if the vulnerabilities are then used to create attacks - how can HackingTeam not be up on charges?
Leaked HackingTeam spyware was used by a cyber-spy group to collect intelligence. The Callisto Group cyber-spies collected intel on foreign and security policy in eastern Europe and the south Caucasus using spyware developed for law enforcement agencies, according to F-Secure Labs. The group – which remains active – has …
What he said: "This should remind governments that we don't have monopolies on these technologies, and that mercenaries, hostile nation states, and other threats won't hesitate to use these surveillance powers against us"
What they heard: "We need more powerful / pervasive surveillance if we want to stay ahead"
Because that could never happen.
Just like anyone who'd been attacked could never reverse engineer those tools either.
Except yes it can and yes it has.
In fact encryption appears to be the only tool a govt could develop that would do no direct harm if it leaked into the wild.
The problem is who would trust that it was not a deliberate leak and had backdoors in?