The government's strategy is probably a result of it being easier to maintain an advantage by keeping weapons secret than by distributing defences to only the good guys.

It would be interesting to speculate how close we are to replacing all networked services with provably secure implementations (like the work of Project Everest[0]). Of course there's no such thing as perfect security (or perfect proofs), but I think we are close to reaching the point where attacking implementation flaws is less fruitful than attacking the software supply chain.

In fact, we may already have reached that point, so I think that efforts to secure the supply chain (like sigstore[1]) and potential government efforts to attack it (like recent changes to iOS and Android[2]) deserve more focus.

[0] https://project-everest.github.io/

[1] https://security.googleblog.com/2021/03/introducing-sigstore...

[2] https://news.ycombinator.com/item?id=27176690




The US gov can easily maintain an offensive advantage while doing massive amounts of patching. Red teaming is much easier.

The problem here is that we're essentially building glass cannons. Yeah, we can hit hard but you can't win a fight that way. Eventually you're going to get punched in the face.
