Security Firms Releasing Exploits: Driving Up Sales Or Informing The Public?

from the not-so-good dept

The more cynical computer security watchers have often suggested that security firms are behind certain virus/worm releases in order to sell more product. Certainly, high profile exploits tend to drive up security software sales, and there's always some skepticism in any business where true "success" would really mean putting yourself out of business. However, most security companies really aren't that crazy to completely risk their reputation like that. Of course, at the same time, you have the debate over security researchers who reveal exploits in order to better inform the world of the risks, and maybe prompt a company to fix security holes it seems like they've been ignoring. So where is the border line between these two things? It seems like one French security firm is clearly pushing (or some might say obliterating) those boundaries by releasing zero-day exploit code for a hole in Microsoft IE and pushing out code within 24 hours that works on the Plug-N-Play vulnerability that came out last week and impacted many users. It certainly looks like this effort goes beyond "informing the community of a threat" to "smashing things up to get more sales to fix the mess." The big differences: (1) no alert to the company, giving them a chance to fix the hole and, (2) much more importantly, the release of actual code, rather than just letting people know that the vulnerability exists and that users are at risk.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Benjamin Kaplin, 22 Aug 2005 @ 6:04pm

    No Subject Given

    The question, then, is not are they doing it to drive up sales, because that's fairly open and shut. The question is do they realize sales from releasing code like this? It seems the backlash would kill their reputation.
    For example:
    "Hey, there's a hole in this bit of software. By doing the following highly technical things, it can be exploited."
    vs.
    "Here's something to help script kiddies get their mitts on your data. Enjoy!"

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.