Microsoft CEO on why governments shouldn't weaponize software vulnerabilities

This past spring, ransomware known as WannaCry infected millions of Windows computers. The creators utilized a Windows exploit called EternalBlue that was believed to have been created and used by the US National Security Agency to spy on possible threats.

The chaos the event caused brought into focus governments finding and exploiting vulnerabilities in software, rather than telling the creators of the software and having them fix it for their customers. We sat down with Microsoft CEO Satya Nadella and asked what he thought about it — and what governments should be doing instead, if anything.

Nadella is the author of the new book "Hit Refresh: The Quest to Rediscover Microsoft's Soul and Imagine a Better Future for Everyone." The following is a transcript of the video. 

Satya Nadella: I think they should disclose them to the companies. So that we can fix these bugs. I think it's a terrible thing to do to stockpile anything because these just can be used in unintended ways by people who can get access to them.

So I think the issue with some of these things is we need to make sure that everybody is updated and patched because one weak link in one area can propagate. Especially in a connected world like ours. So that's why I think of this as even a shared responsibility of governments, first responders like us as tech companies, and even our customers and partners. 

Especially in times like this where digital technology is so pervasive in all walks of life and infrastructure and parts of our economy. That we all come together to make sure that security and operational security at all times is being improved and stockpiling of any zero-day issues is not going to be helpful. 

 

No comments:

Powered by Blogger.