This is a classic security dilemma that is not easily resolvable. Suppose we just look at the US and China. Each side will discover some number of vulnerabilities. Some of those vulnerabilities will be discovered by both countries, some just by one party. If the US discloses every vulnerability, we’re left with no offensive capability and our adversary will have all of the vulnerabilities not mutually discovered. Everyone disclosing and patching vulnerabilities sounds nice, but is an unrealistic scenario in a world with states that have competing strategic interests.