What should governments do when they discover a hardware 0-day? In the US, as a matter of policy, any vulnerability that is deemed to affect critical infrastructure is disclosed to the vendors by the government [VEP]. The government can hide vulnerabilities (and weaponize them) if it is in the larger national interest [NYT]. Obviously, this … Continue reading HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART II)