For The Love Of God Please Ban Zero Day Exploits

There is an interesting discussion going on revolving around privacy experts and security professionals, surrounding the use and abuse of 0day exploits. Some of the talk surrounds a Bloomberg article titled "US Contractors Scale Up Search for Heartbleed-Like Flaws" [1]. The argument on the side of privacy/legal/crypto experts (summarized) seems to be "we need to stop because it will get into the wrong hands" [2], "People are going to use it for the wrong reasons." Which is true to a degree, but on a grand scale one of the most absurd things I have read in some time.

S. government develops cyberweapons in an effort to develop protection mechanism against foreign sponsored attacks." Because stopping ourselves (the United States, its researchers, security hobbyists, etc.) will do nothing but hurt us, since other countries will move forward with the development and sale of exploits aimed AT us.

I am all for the banning of "exploits," I really am. It means one thing to me at the end of the day. More money. More money, since companies won't know about fully disclosed exploits attackers are using on their networks. This means, as a contractor, I'll have a whole lot of work coming my way because of this absurd new law/ruling/train of thought. I'm all for it because I currently sit on 0day of my own. This means the prices for my exploits increase to whatever I want to charge. Will it stop me from selling even to the U.S. government? Here is a dirty little (known by everyone) secret: nope. It will just make the overall delivery a little more complex. It solely means I now have to tell "my guys" in the federal arena to tell "their guys" I can no longer print a receipt, purchase order, etc., upon delivery. In fact, I may have to charge N amount of dollars for "development of an HTTP delivery system" as opposed to "development of a backdoor payload mechanism."

While I can agree with both sides of the argument: "zero day is evil," the reality is, zero day is here (has been for a long time) to stay. I would rather trust my own government to some degree than have the entire scope of zero day go so far underground that I'll have to create e-mail buzzwords to "my guy" who WILL, no matter what, get "his guy" what is needed. If we took a quick...

