Joseph Cox on the Zero Day Industry

The Oxford Centre for Technology and Global Affairs welcomed Joseph Cox on the topic of "Inside the (Real) Zero Day Industry." Joseph Cox is a journalist covering cybersecurity, the digital underground, and the surveillance industry for Motherboard.

Cox began the presentation with an introduction to the zero day industry, with a brief overview of processes such as exploit creation and circumvention of end to end encryption using payloads. The talk focused on the firms that provide high end exploits and other tools to members of the Five Eyes, including the UK, US, Canada, and Australia. These companies keep a low profile, don't advertise at surveillance fairs, and keep any information on their public websites vague. Cox discussed the dynamic between these firms, Silicon Valley, and intelligence agencies. These firms were contrasted with the other players in the industry, such as security researchers working by themselves, freelance bug hunters, large military contractors with long term contracts and small hacking teams.

The discussion revolved around the ethics of disclosure of zero day vulnerabilities, the increasing cost of such exploits, and the differing political leanings of the firms involved. The question of required regulation, if any, for the industry was also discussed.