Richard Bejtlich was a cyber-specialist for the U.S. Air Force in the 1990s, a time when the U.S. military was going on the offense in the cyberwar. He remembers the day he realized how important a software vulnerability can be to a cyberweapons designer.
“Myself and a couple other guys, we found a zero day vulnerability in Cisco routing equipment,” Bejtlich recalls. “And we looked at it, and we said, ‘Did we really find this? Can we really get into these Cisco routers?'”
They could, and so Bejtlich and his colleagues reported it to Cisco. They thanked him and said they’d fix it. Days later, he was talking to some friends who worked on the offensive side of the unit, and they had quite a different reaction to them reporting the bug to Cisco.
“They said, ‘You did what? Why didn’t you tell us? We could have used this to get into all these various hard targets,'” he says.