Basically, there are companies that specialise in finding zero-day security vulnerabilites in software (“zero day” stands for “zero days since the developer discovered the vulnerability”, meaning it hasn't been discovered at all). Since they sell that information to cyber criminals and even authoritarian countries, their business model directly harms the digital security of end users as well as our critical infrastructure. That's why I propose banning it altogether.
Possible phrase to be included in the licence:
the systematic trade with zero-day security vulnerabilites in software accessible to the general public, without disclosing them to the public, the developer or the responsible state authority
Basically, there are companies that specialise in finding zero-day security vulnerabilites in software (“zero day” stands for “zero days since the developer discovered the vulnerability”, meaning it hasn't been discovered at all). Since they sell that information to cyber criminals and even authoritarian countries, their business model directly harms the digital security of end users as well as our critical infrastructure. That's why I propose banning it altogether.
Possible phrase to be included in the licence: