Security Firms Releasing Exploits: Driving Up Sales Or Informing The Public?
from the not-so-good dept
The more cynical computer security watchers have often suggested that security firms are behind certain virus/worm releases in order to sell more product. Certainly, high profile exploits tend to drive up security software sales, and there's always some skepticism in any business where true "success" would really mean putting yourself out of business. However, most security companies really aren't that crazy to completely risk their reputation like that. Of course, at the same time, you have the debate over security researchers who reveal exploits in order to better inform the world of the risks, and maybe prompt a company to fix security holes it seems like they've been ignoring. So where is the border line between these two things? It seems like one French security firm is clearly pushing (or some might say obliterating) those boundaries by releasing zero-day exploit code for a hole in Microsoft IE and pushing out code within 24 hours that works on the Plug-N-Play vulnerability that came out last week and impacted many users. It certainly looks like this effort goes beyond "informing the community of a threat" to "smashing things up to get more sales to fix the mess." The big differences: (1) no alert to the company, giving them a chance to fix the hole and, (2) much more importantly, the release of actual code, rather than just letting people know that the vulnerability exists and that users are at risk.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
No Subject Given
For example:
"Hey, there's a hole in this bit of software. By doing the following highly technical things, it can be exploited."
vs.
"Here's something to help script kiddies get their mitts on your data. Enjoy!"
[ link to this | view in thread ]