Before doing this assignment, be sure you are familiar with the General Instructions for Discussion Assignments found in the Course Information Module.
In the reading assignment for this module you learned how the US government uses zero day exploits to infiltrate computer networks and keeps those exploits secret even though US computer networks are vulnerable to the same exploits.
There are periodic calls for the US government to stop the use of zero day exploits, or at least to severely limit the time during which they can use them without notifying the manufacturer of the software. For instance, one suggestion is that the US government should notify Microsoft within 60 days of discovering any vulnerability. That gives the government a short window of time to exploit the vulnerability but also assures that Microsoft will soon begin working on a patch.
One of the arguments in favor of this approach was surprisingly delivered by Rob Joyce in the video you watched in Module 6. You may have missed this, but during that video, he downplays the importance of zero day exploits when attacking a network.
So that's the question for discussion:
Should the US government be required to notify manufacturers of all zero day vulnerabilities that the government discovers within some limited amount of time?
To be clear, I'm not suggesting that the government should search for vulnerabilities just to notify manufacturers. However, the government does learn about vulnerabilities in their efforts to infiltrate other systems. The question is ... when they find those vulnerabilities, should they also notify the manufacturer of the product so that a patch can be released?
Your answer needs to acknowledge the conflict and why you would resolve it in the way that you do. Note that this does not have to be a yes/no question, your answer could try to find a middle ground.
This is not an easy question!
As always, one initial post is due on the date shown in Canvas. The following day, instructions for responses will be posted
.