Title: MIS522 Case Study 3 - The Vulnerability Economy
Date: 2017-10-08T00:00:00
Tags: Case Study, Cybersecurity, MIS522
Authors: Henry Brooks

Week 5 Case Study

The Vulnerability Economy: Zero-Days, Cybersecurity, and Public Policy

This weeks case study examines an article from the Harvard Business Review concerning the Zero-Day vulnerabilities.

I thought that the article did a good job of covering the different way a cyber security professional can deal with the discovery of a zero-day vulnerability. The article highlighted the organizations that can be contacted and the benefits to choosing different paths.

I feel that the article was partially designed to direct individuals to release the information through ICS-CERT. While I agree that this path is probably the best from an ethical point of view, it still seems like the article went out of its way to push this choice. Still, the author made a decent argument that releasing the information through ICS-CERT allows the vendor time to patch the issue while still ensuring that the individual who finds the vulnerability can receive some recognition. The general public and users of the device are also ensured that the vendor should be timely in solving the security issue.

The article also covers the possibility of monetizing the vulnerability by selling the information to third parties. While these parties are made out to be criminal organizations, reports have shown that state actors are also major purchasers of these vulnerabilities.

I personally feel that long term job security is more valuable than a quick pay off, so I still stand by the idea of a controlled release. The press from finding an exploit will hopefully assist in maintaining employablity into the future.