US Navy Wants To Buy Your Software’s Zero-Day Vulnerabilities

There are plenty of software engineers and hackers whose job is to search software for security loopholes, flaws, and zero-day vulnerabilities so that they can be patched before they are discovered and exploited by hackers. Google itself has such an initiative in place, in which it tries to discover as many flaws as possible.

While these flaws could be used by hackers for malicious purposes, it seems that the US Navy sees them as a potential way to gather intelligence on its targets. This was discovered by Dave Maass (via EFF) through a posting on FedBizOpps, a site that government agencies use to post contracts.

The posting requires that “the vendor shall provide the government with a proposed list of available vulnerabilities, 0-day or N-day (no older than 6 months old). . . .The government will select from the supplied list and direct development of exploit binaries.” It also appears that the Navy is seeking vulnerabilities in commonly used software from the likes of Microsoft, Apple, and Google.

Unsurprisingly, the posting has since been taken down. While the US government has policies in place for disclosing exploits, the fact that it is looking to purchase said exploits is a bit worrying, as developers might be more inclined to sell the information to the US government than to inform the company behind the software, which may or may not pay them for their efforts.

UG

Posted on June 15, 2015, in Sri Lanka.