I interviewed with Endgame recently. Their arrogance was striking.
More topically, there's a basic problem in security - vulnerabilities have value. They have more value to people who want to use them than to people who want to close them. Unless this shifts, the current situation is only going to get worse.
Making it illegal isn't going to work. There is already a functional black market. Removing the white market will just drive more groups to the black market.
There's no easy answer here. Yesteryear's EFNet junkies have been turned into today's mercenaries and weapon designers. Cyberspace is valuable, and controlling it more so. It's a dangerous time to have interesting information.
Worth adding: even basic software security engineering services are, compared to other services, spectacularly expensive. In ten years of software security consulting for big companies, I met with very few who didn't get sticker shock from the cost of even a basic web app assessment.
Supply/demand is a motherfucker. The solution is probably going to have to focus on the supply side.
A lot of basic stuff can be automated, but that only goes so far. Security engineering is becoming its own distinct and highly specialized discipline, and the supply is probably always going to be limited.
I think a better answer is for companies to take security more seriously from the beginning. This means being willing to invest in developer training and in-house infosec. The expense of outside expertise should be ample reason to bring that inside.