ACI Journal Articles

Document Type

Conference Proceeding

USMA Research Unit Affiliation

Army Cyber Institute


In the current state of global affairs, a market exists for zero-day exploits where researchers, nation states, industry, academia, and criminal elements develop, buy, and sell these commodities. Whether they develop zero-days or purchase them, nation states commonly stockpile them for the future. They may then use them for purposes such as: espionage, offensive cyber operations, or deterrent effect. The immediate effect of this stockpiling though is that the exploit is not divulged to the public and is therefore not remediated. In our increasingly networked and code dependent world, this creates the potential for a cyber disaster with yet unimaginable impacts on global stability. It is therefore imperative that nation states responsibly divulge zero-day exploits through an international framework for the global good. Moving from the current state of affairs to one where responsible release of zero-day exploits is the norm will not be easy. There are many stake holders who argue that keeping stockpiles is beneficial or that this is an area that is not feasible to regulate. However, as we have seen with weapons such as nuclear, chemical, and biological weapons, it is possible to develop international regimes that prohibit the use of such weapons due to their extraordinary capabilities and impact. Alternatively, should these exploits be seen as equally pernicious as contagious diseases, nations may join together to form organizations similar to the WHO that can address international cyber issues. If a taboo against the use of zero-day exploits can be established, i.e., we make their use morally illegitimate, the security of all users will be improved.



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.