Wednesday, 21 October 2015

bug bounty

Boing Boing, via Ars Technicia, has an interesting primer for the zero-day market, which the industry and regime-appointed czars are reluctant to address or even acknowledge.
A “zero-day” is a software vulnerability, identified by hackers but not publicly disclosed nor yet exploited, which is sold to the highest bidder—which is often a competitor but increasing includes zealous or repressive governments hoping to shore up a munitions’ dump that’s basically a kill-switch (or back-door) for the internet—on the tenuous promise that the discoverers won’t reveal the security weakness or act on it for their own benefit, and hence the name because communications platforms and companies that manage the underlying architecture of the internet would have no time to react or patch the fault, the bugs once it comes to light. This brisk, underground market represents a huge, welling threat with more than speculation becoming a commodity but the actual means of offense and defense. In their naïvety, governments are fueling this trafficking by hoping to preserve a systemic integrity but end up diluting everything in the process.