No more free bugs

Published: September 27th, 2012
Privacy activist Christopher Soghoian’s keynote at the Virus Bulletin 2012 conference in Dallas this week probed the morally ambivalent practice of selling security exploits, whether to the vendor whose systems can be compromised or to third-party government clients.


Image courtesy of Shutterstock
While many companies are offering bounties to those who report vulnerabilities, the sums can be piddling next to what a third-party — say, the U.S. government — might pay for the information, he said, according to this post on the Naked Security blog.
As Soghoian puts it, “Google and Microsoft can’t outbid the U.S. government. They will never win a bidding war with the army, navy or NSA.”
Interesting is the company Endgame Systems, whose Web site tells nothing about the company but simply provides an e-mail link. The company goes to great pains to keep a low profile. Its clients include the U.S. Department of Defence.

Related Download
Ransomware Response Guide Sponsor: IBM Canada
Ransomware Response Guide
Ransomware has continued to be on the rise, and new types or variants take advantage of known vulnerabilities. They are also becoming better implemented, with fewer possibilities of being able to circumvent the malware and access your files without paying.
Register Now