Their statement would carry much more weight if they could point to one example ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ipsin on April 11, 2014 \| parent \| context \| favorite \| on: Statement on Bloomberg News story that NSA knew ab... Their statement would carry much more weight if they could point to one example of an exploitable zero-day they've actually disclosed. I don't particularly trust the NSA, but this example probably exists.

eliteraspberrie on April 12, 2014 [–]

With regard to the Linux kernel, for example, their policy was to not look for vulnerabilities and only contribute features:

Did you try to fix any vulnerabilities?

No, we did not look for or find any vulnerabilities in the course of our work. We only changed enough to add our new mechanisms.

http://www.nsa.gov/research/selinux/faqs.shtml#I16

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact