"Your strange theory, that the economical damage is unavoidable to improve security will break down hard if those 0days are used by terrorists for the first time"
It's not a "strange theory", it's the literal reason: NatSec is not a strange theory, it's the stated reason by multiple administrators and officials for why this behavior occurs.
Plus, how much economic damage was mitigated by using zerodays against terrorists and foiling their plots?
What if they used a zero day and prevented a 9/11 size 3000 person, multi-billion-dollar terrorist attack?
To suggest that the needle is at 0 and any negative use makes the entire NatSec angle bad is very naive, because any successful NatSec use that has succeeded is classified and we're not privy.
So we don't know the score, and we certainly can't claim that the score favors one side after any particular event...
But, keep this in mind, Israeli hackers compromised an ISIS computer and were keeping tabs on plots including a plot to weaponize laptop batteries, up until DJT burned the source by outing the Israeli op to Russians.
So the idea that zero days aren't in active use seeing results against terrorists is very naive, I believe.
But the subject isn't risk evaluation, it's the idea of a "score" where using NatSec state zero days get positive points for saving lives and saving money, and negative points for when terrorists use leaked zerodays or take advantage of unfixed holes.
The claim was "any terrorist attack using these proves it's a net loss"
My response was "the classified nature of positive points doesn't invalidate positive points, and you cannot call it a net loss without a full accounting"
Now it's just devolved into a game of hypotheticals where people try to disprove the idea of a full accounting by creating even sillier terrorist scenarios?
It's not a "strange theory", it's the literal reason: NatSec is not a strange theory, it's the stated reason by multiple administrators and officials for why this behavior occurs.
Plus, how much economic damage was mitigated by using zerodays against terrorists and foiling their plots?
What if they used a zero day and prevented a 9/11 size 3000 person, multi-billion-dollar terrorist attack?
To suggest that the needle is at 0 and any negative use makes the entire NatSec angle bad is very naive, because any successful NatSec use that has succeeded is classified and we're not privy.
So we don't know the score, and we certainly can't claim that the score favors one side after any particular event...
But, keep this in mind, Israeli hackers compromised an ISIS computer and were keeping tabs on plots including a plot to weaponize laptop batteries, up until DJT burned the source by outing the Israeli op to Russians.
So the idea that zero days aren't in active use seeing results against terrorists is very naive, I believe.