A keynote at Virus Bulletin 2012 focuses on the world of selling vulnerabilities

No more free bugs
Privacy activist Christopher Soghoian’s keynote at the Virus Bulletin 2012 conference in Dallas this week probed the morally ambivalent practice of selling security exploits, whether to the vendor whose systems can be compromised or to third-party government clients.


Image courtesy of Shutterstock
While many companies are offering bounties to those who report vulnerabilities, the sums can be piddling next to what a third-party — say, the U.S. government — might pay for the information, he said, according to this post on the Naked Security blog.
As Soghoian puts it, “Google and Microsoft can’t outbid the U.S. government. They will never win a bidding war with the army, navy or NSA.”
Interesting is the company Endgame Systems, whose Web site tells nothing about the company but simply provides an e-mail link. The company goes to great pains to keep a low profile. Its clients include the U.S. Department of Defence.
Related Download
Cisco Secure Mobility Knowledge Hub Sponsor: Cisco
Cisco Secure Mobility Knowledge Hub
This Knowledge Hub provides an end-to-end look at what it takes to discover, plan, and implement a successful Secure Mobility strategy.
Learn More
Share on LinkedIn Share with Google+ Comment on this article
More Articles