The recent WikiLeaks publications regarding “Vault 7” is certainly breathtaking in scope. But, from a cursory browsing, it represents nothing new. As long as we keep innovating, code will have bugs. As long as there are bugs, there will be zero days. And as long as there is an advantage to be gained by employing zero-day exploits, hackers gonna hack.
And while we need to have the Responsible Disclosure conversation, there are some similarly thorny problems lurking in the shadows. Disclosing a bug is only the first step in eliminating the threat. A vendor needs to patch the bug, which may be simple. Or it may be difficult. Either way, it’s only the next step in the story.