![[article image]](https://cacm.acm.org/system/assets/0003/8794/121620_Ethics-of-Zero-Day.large.jpg?1608154211&1608154211 "zero day and trolley car, illustration")
The May 2017 WannaCry ransomware attack caused a great deal of damage across Europe and Asia, wreaking particular havoc with Britain's National Health Service.a The attack exploited a Microsoft Windows vulnerability that had been discovered and exploited by the U.S. National Security Agency.5 The NSA informed Microsoft of the vulnerability, but only after the NSA had lost control of the assets it had developed to take advantage of the vulnerability. Shortly after the attack Microsoft President and Chief Legal Officer Brad Smith characterized the NSA and CIA's stockpiling of vulnerabilities as a growing problem:
Key Insights
Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.b