The World Wide Web Consortium wants to give companies a veto over warnings about browser defects

Since 2013, when the W3C decided to standardize DRM for web videos, activists, security researchers and disabled rights advocates have been asking the organization what it plans on doing about the laws that make it illegal to bypass DRM, even to add features to help blind people, or to improve on browsers, or just to point out the defects in browsers that put billions of web users at risk.

Market for zero-day vulnerabilities incentivizes programmers to sabotage their own work

In this Forbes editorial, Bruce Schneier points out a really terrible second-order effect of the governments and companies who buy unpublished vulnerabilities from hackers and keep them secret so they can use them for espionage and sabotage. As Schneier points out, this doesn't just make us all less secure (EFF calls it "security for the 1%") because there are so many unpatched flaws that might be exploited by crooks; it also creates an incentive for software engineers to deliberately introduce flaws into the software they're employed to write, and then sell those flaws to governments and slimy companies.