Comment by hector_vasquez

1 day ago

Releasing the model to bad actors at the same time as the major OS, browser, and security companies would be one idea. But some might consider that "messed up" too, whatever you mean by that. But in terms of acting in the public benefit, it seems consistent to work with companies that can make a significant impact on users' security. The stated goal of Project Glasswing is to "secure the world's most critical software," not to be affirmative action for every wannabe out there.

I don't trust a corpo to choose what is "most critical".

That's what's messed up about it.

  • That is a fine stance to hold but some facts are still true regardless of your view on large businesses.

    For example, it will benefit more people to secure Microsoft or Amazon services than it would to secure a smaller, less corporate player in those same service ecosystems.

    You could go on to argue that the second-order effects of improving one service provider over another choose who gets to play, but that is true whether you choose small or large businesses, so this argument devolves into “who are we to choose on behalf of others”.

    Which then comes back to “we should secure what the market has chosen in order to provide the greatest benefit.”

    • The longer term economic outcome of this is consolidation: large players get stronger, weak players get weaker.

      That's not a good outcome for the economy.

This is not the only model. I assure you exploits are being found and taken advantage of without it, possibly even ones that this model is not even capable of detecting.

Sounds like people here are advocating a return to security through obscurity which is kind of ironic.

You can release it with cyber capabilities refusal; they get unlocked when you apply for approval.