THE SOFTWARE flaws that allow hackers to penetrate, manipulate, exploit, and sabotage computer systems are called “back doors.” Closing them is vital to any consumer’s security, which is why so many notices pop up on our screens about critical software updates. But keeping those doors open is vital to cyberwarfare, which the United States is determined to dominate. So there is a paradox: Do you protect the public by fixing the flaws when you find them? Or do you try to keep them secret so you can use them against your enemies? When the Americans and Israelis developed the fearsome Stuxnet worm to disrupt Iran’s nuclear program, they used a back door in Microsoft Windows. Of course they hadn’t mentioned it to Microsoft. In recent years, as the potential value of these hidden flaws has become clear, hacker-entrepreneurs have set up businesses that sell them to the highest bidder, which opens a whole new can of worms, as it were. Ryan Ellis at the Kennedy School’s Belfer Center says the government has to focus on this problem; the nation’s infrastructure is at risk. “There’s a lot of work to be done,” he says, and in cyberwar a good offense is not always the best defense.