"How do you protect what you want to exploit?" asks Scott Charney, an executive at Microsoft. He highlights a dilemma. Intelligence agencies Look for programming mistakes in software so they can use them to spy on terrorists and other targets. But if they leave open these security holes, known in tech jargon as "vulnerabilities", they run the risk that hostile hackers will also find and exploit them. Academics, security researchers and teamsfrom software firms unearth hundreds of vulnerabilities each year. One recent discoverywas the Heartbleed bug,a flaw in a widely used encryption system. Software-makers encourage anyone who finds a flaw to let them know immediately so they can issue "patches" fortheir programs before hackers can take advantage of them. That is how most vulnerabilities are dealt with.
展开▼
