This is a very good read on cyber conflict:

https://www.amazon.co.uk/This-They-Tell-World-Ends/dp/152662...

If you are interested in a detailed account of the cyberarms race, check out "This Is How They Tell Me the World Ends: The Cyberweapons Arms Race" by New York Times reporter Nicole Perlroth. While the books tends to get a tad repetitive after a while, and definitely skirts many of the technicalities, its definitely provides a lot of insight into the underground zero-day exploits markets and the cyberarms race that we are in right now.

https://www.amazon.com/This-They-Tell-World-Ends/dp/16355760...

I will just add, the author of the NYT piece has a book out on this subject. The book is decent, has some cringe worthy descriptions of technical things if you are a technical person, but overall I learned a huge amount reading it.

A lot of the commentary, accusations, and opinions in the comments here would be addressed or better colored if you're interested enough to read her book (https://www.amazon.com/This-They-Tell-World-Ends/dp/16355760...).

Also, just to be clear, one of the reasons I like the book is because it's written by a person that doesn't understand all the deep technical aspects of these things.

Just finished reading https://www.amazon.com/This-They-Tell-World-Ends/dp/16355760... which is a great book about the zero-day market and how it evolved over the years.

The basic issue is that every nation is actively buying and using zero-days and doesn't want to stop. And companies like NSO aren't really (so they say at least) hacking anybody. They just develop and license hacking tools to governments to use for "lawful" law enforcement purposes. So nobody wants to ban the zero-day market because every country is a huge buyer of zero-days themselves and it is hard to ban selling zero-days to sovereign governments who are using them in accordance with their own laws (even if the regimes in question are terrible and using them to violate their citizens basic human rights). After all, it would be a bit awkward for the US to demand that the NSO Group stop selling it's hacking tools to Saudi Arabia while we have a multi-billion dollar defense industry selling the Saudis all sorts of advanced weaponry.

This won't really work. Many governments and intelligence agencies will pay an extreme premium for 0days and basically hoard them for future use. How do you stop the CIA or NSA from buying 0days? How do you prevent foreign governments or actors from buying them?

The ability to inflict massive damage to a nations infrastructure is now part of modern weaponry. It's akin to asking militaries to stop buying weapons. We have basically split the atom here, we aren't going back.

If you don't want people hacking into your systems you need to go full Galactica, disabling networks and have stopgap measures on every critical device.

There's a great book that talks about this ecosystem (of buying bugs, vulnerabilities, and other 0days), among other cyber security related things:

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race

https://www.amazon.com/This-They-Tell-World-Ends/dp/16355760...

After reading "This Is How They Tell Me the World Ends" [1], I feel the world working normally is rather a sheer luck. (Probably I'm very late to realize this, but anyway )

To me the only reasonable survival strategy is redundancy, but I have no idea how we can reach there.

[1] https://www.amazon.com/This-They-Tell-World-Ends/dp/16355760...