[ news_security_news ]
Morality Or Money - Vulnerabilities For Sale
Chris Crum
Staff Writer
2006-07-19
 Insider Reports RSS Feed
There are people out their discovering security vulnerabilities in popular programs and selling their knowledge of the vulnerabilities to the person offering the most.
Obviously the right thing to do in a situation like this would be to notify the maker of the product, but just as it always has, money talks.
ZDNet Australia has an interesting article on this topic. They quote Graham Ingram, manger of the Australian Computer Emergency Response Team (AusCERT):
"I would speculate that if I am a vulnerability researcher and I have the option of, for example, a nice mention from Microsoft on an advisory under 'responsible disclosure' or pay off my mortgage, which one do I choose?"
"The economy on the marketplace is facilitating the sale of everything you want, from custom Trojans to rootkit, and moving through to things like vulnerabilities, which are a marketable commodity," said Ingram.
Not that any of this comes as a surprise, but it seems as though it is only going to get harder and harder to stay secure with this kind of behavior going on and rootkits getting stealthier.
Tags: Google
Add to Del.icio.us | DiggThis | Yahoo! My Web | Furl
About the Author:
Chris Crum is a staff writer for SecurityProNews and WebProNews.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
