No more free bugs

Published: September 27th, 2012
Privacy activist Christopher Soghoian’s keynote at the Virus Bulletin 2012 conference in Dallas this week probed the morally ambivalent practice of selling security exploits, whether to the vendor whose systems can be compromised or to third-party government clients.
 

 

While many companies are offering bounties to those who report vulnerabilities, the sums can be piddling next to what a third party (say, the U.S. government) might pay for the information, he said, according to this post on the Naked Security blog.
 
As Soghoian puts it, “Google and Microsoft can’t outbid the U.S. government. They will never win a bidding war with the army, navy or NSA.”
 
One interesting company is Endgame Systems, whose Web site tells nothing about the company but simply provides an e-mail link. The company goes to great pains to keep a low profile. Its clients include the U.S. Department of Defense.
 
 

