January 30, 2007

Business Opportunities [12:46 pm]

The developing market in exploitable software bugs — with both white hats and black hats participating: A Lively Market, Legal and Not, for Software Bugs

Companies like Microsoft do not endorse such bounty programs, but they have even bigger problems: the willingness of Internet criminals to spend large sums for early knowledge of software flaws that could provide an opening for identity-theft schemes and spam attacks.

The Japanese security firm Trend Micro said in December that it had found a Vista flaw for sale on a Romanian Web forum for $50,000. Security experts say that the price is plausible, and that they regularly see hackers on public bulletin boards or private online chat rooms trying to sell the holes they have discovered, and the coding to exploit them.

Especially prized are so-called zero-day exploits, bits of disruption coding that spread immediately because there is no known defense.

Software vendors have traditionally asked security researchers to alert them first when they find bugs in their software, so that they could issue a fix, or patch, and protect the general public. But now researchers contend that their time and effort are worth much more.

“To find a vulnerability, you have to do a lot of hard work,” said Evgeny Legerov, founder of a small security firm, Gleg Ltd., in Moscow. “If you follow what they call responsible disclosure, in most cases all you receive is an ordinary thank you or sometimes nothing at all.”

permalink to just this entry

September 2014
S M T W T F S
« Jun    
 123456
78910111213
14151617181920
21222324252627
282930  
posts

0.117 || Powered by WordPress