Security Firms Releasing Exploits: Driving Up Sales Or Informing The Public?

The more cynical computer security watchers have long suggested that security firms are behind certain virus and worm releases in order to sell more product. High-profile exploits certainly do drive up security software sales, and there is always some skepticism about any business whose true "success" would mean putting itself out of business. Still, most security companies are not reckless enough to risk their reputations that way. At the same time, there is the separate debate over security researchers who disclose vulnerabilities in order to inform the world of the risks, and perhaps to prompt a vendor to fix holes it appears to have been ignoring. So where is the line between the two? One French security firm seems to be pushing (some might say obliterating) that line by releasing zero-day exploit code for a hole in Microsoft Internet Explorer, and by pushing out, within 24 hours, working exploit code for the Plug and Play vulnerability disclosed last week that affected many users. This looks less like "informing the community of a threat" and more like "smashing things up to sell the cleanup." The big differences: (1) there was no advance notice to the vendor, which would have given it a chance to fix the hole, and (2) far more importantly, actual exploit code was released, rather than simply letting people know that the vulnerability exists and that users are at risk.

Comments on "Security Firms Releasing Exploits: Driving Up Sales Or Informing The Public?"

Benjamin Kaplin says:

The question, then, is not whether they are doing it to drive up sales, because that's fairly open and shut. The question is whether they realize sales from releasing code like this. It seems the backlash would kill their reputation.
For example:
“Hey, there’s a hole in this bit of software. By doing the following highly technical things, it can be exploited.”
“Here’s something to help script kiddies get their mitts on your data. Enjoy!”

