CIA’s venture firm security chief: US should buy zero-days, reveal them

Dan Geer, speaking at Black Hat, outlined a series of policies he believes will help make the Internet more secure.
Sean Gallagher

LAS VEGAS—In a wide-ranging keynote speech at the Black Hat information security conference today, computer security icon Dan Geer gave attendees a sort of personal top 10 list of things that could be done to make the Internet more secure, more resilient, and less of a threat to personal privacy. Among his top policy picks: the US government should move to “corner the market” on security vulnerabilities by paying top dollar for them and then publish them to the world.

Geer is the chief information security officer for In-Q-Tel, the not-for-profit venture capital firm funded by the Central Intelligence Agency to incubate technologies that aid intelligence operations. However, he noted that he was speaking in a private capacity at the event and not as a public official.

“We could pay 10 times the market price” for zero-day vulnerabilities, Geer said. “If we make them public, we zero the inventory of cyber weapons where it stands.”
