Something that came up during our game: although they might not use much of the hightech that surrounds them, the Jovians will be very interested in knowing the weaknesses of the technology so they can sabotage or defeat it if needed. They are not alone, of course. But thanks to their relative low-tech status and deliberately different systems they can also use attacks that would cripple the attacker's own systems if they were from an equivalent tech level. Plus, the Republic is willing to have a lot more people employed to pick apart code than most other organisations. "Many eyes makes the weaknesses visible." This got me thinking of the market and use of exploits. Many companies (both in RL and EP) seek out vulnerabilities in common software and sell them on to customers who use it to further their hacking attempts. In EP this is not just for software: since so many objects are smart they are potential vulnerabilities too. If you know your opponent is using Osiris Medical's medichines v4.83 you can buy an exploit for them: it will likely be quite effective. The downside is that you need to know the exact version, and hope that there is something on the market. If you know a longer list of software and hardware you have a much better chance. (If the probability of an exploit existing for a random system is p, and there are N possible systems, then the probability of at least one exploit that works is 1-(1-p)^N: typically it is close to one if N>1/p) If you do not know the list of systems you will have to throw a lot of general exploits at the opponent and hope something sticks; this is ordinary and brute force hacking. [ Essentially, if you know a system of the opponent you can shop around for an exploit for it. These specific exploits are cheaper than the [High] general exploit libraries - exploits or libraries for common systems like standard synthmorphs are [Medium], while exploits for specific systems like OM Medicines 5.83 are [Low]. Finding one might be tougher, though: specific exploits give a -10 or -20 penalty on the Networking roll to find them. Hiding your system versions is an ordinary Infosec roll - but this needs to be done for *every* system. Assume that 100-Infosec % of the systems are visible. ] Exploits can involve denial of service or sabotage rather than help gaining control. This is usually easier since there are many more bugs that involve the function of the system than its security properties. [ This kind of exploits are useless for hacking, but allows impairing or turning off the function of the device. A medichine denial of service exploit allows the attacker to turn off or reduce function of medichines for a while (for example by having them undergo perpetual reboots). ] Using exploits will eventually lead to patches - the makers will find the bug and fix it. For each day after an exploit is used it is a 50% chance that the exploit is detected and patched (although the patch may not reach remote, poor or isolationist users). If the hack went very smooth the chance goes down, while a high-profile hack ups it. Does this make sense? Too powerful?