Security Firms Releasing Exploits: Driving Up Sales Or Informing The Public?

from the not-so-good dept

The more cynical computer security watchers have often suggested that security firms are behind certain virus/worm releases in order to sell more product. Certainly, high profile exploits tend to drive up security software sales, and there’s always some skepticism in any business where true “success” would really mean putting yourself out of business. However, most security companies really aren’t that crazy to completely risk their reputation like that. Of course, at the same time, you have the debate over security researchers who reveal exploits in order to better inform the world of the risks, and maybe prompt a company to fix security holes it seems like they’ve been ignoring. So where is the border line between these two things? It seems like one French security firm is clearly pushing (or some might say obliterating) those boundaries by releasing zero-day exploit code for a hole in Microsoft IE and pushing out code within 24 hours that works on the Plug-N-Play vulnerability that came out last week and impacted many users. It certainly looks like this effort goes beyond “informing the community of a threat” to “smashing things up to get more sales to fix the mess.” The big differences: (1) no alert to the company, giving them a chance to fix the hole and, (2) much more importantly, the release of actual code, rather than just letting people know that the vulnerability exists and that users are at risk.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Security Firms Releasing Exploits: Driving Up Sales Or Informing The Public?”

Subscribe: RSS Leave a comment
1 Comment
Benjamin Kaplin (user link) says:

No Subject Given

The question, then, is not are they doing it to drive up sales, because that’s fairly open and shut. The question is do they realize sales from releasing code like this? It seems the backlash would kill their reputation.
For example:
“Hey, there’s a hole in this bit of software. By doing the following highly technical things, it can be exploited.”
“Here’s something to help script kiddies get their mitts on your data. Enjoy!”

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...