raisely / NoHarm

Do No Harm software license - A licence for using software for good

Banning trade with zero-day vulnerabilities? #81

Closed realpixelcode closed 2 years ago

realpixelcode commented 2 years ago

Basically, there are companies that specialise in finding zero-day security vulnerabilities in software (“zero day” stands for “zero days since the developer discovered the vulnerability”, meaning it hasn't been discovered at all). Since they sell that information to cyber criminals and even authoritarian countries, their business model directly harms the digital security of end users as well as our critical infrastructure. That's why I propose banning it altogether.

Possible phrase to be included in the licence:

the systematic trade with zero-day security vulnerabilities in software accessible to the general public, without disclosing them to the public, the developer or the responsible state authority

tommaitland commented 2 years ago

This overlaps with #73 on hacking and cybersecurity so let's continue discussion there.