Privacy activist Christopher Soghoian’s keynote at the Virus Bulletin 2012 conference in Dallas this week probed the morally ambivalent practice of selling security exploits, whether to the vendor whose systems can be compromised or to third-party government clients.
While many companies are offering bounties to those who report vulnerabilities, the sums can be piddling next to what a third-party — say, the U.S. government — might pay for the information, he said, according to this post on the Naked Security blog
As Soghoian puts it, “Google and Microsoft can’t outbid the U.S. government. They will never win a bidding war with the army, navy or NSA.”
Interesting is the company Endgame Systems, whose Web site tells nothing about the company but simply provides an e-mail link. The company goes to great pains to keep a low profile. Its clients include the U.S. Department of Defence.