Australian spies buying computer bugs: sources

[InfoSec News <alerts () infosecnews org>]

http://www.smh.com.au/it-pro/security-it/australian-spies-buying-computer-bugs-sources-20120307-1ujlb.html

By Cynthia Karena
The Sydney Morning Herald
March 8, 2012

Cyber criminals are not the only ones buying software flaws, say 
sources.

The Australian government is buying computer security weaknesses found 
by hackers before they are sold on the black market, as part of its 
defence strategy, claim those at the coal face of cyber security.

"The Australian government has developed these capabilities as part of 
ASIO, DSD [Defence Signals Directorate], CSOC [Cyber Security Operations 
Centre] and possibly others. But they are purely for research and 
defence," says an Australian security consultant who wishes to remain 
anonymous.

He says while the government won't admit it, buying vulnerabilities is 
an obvious part of "gathering intelligence".

Trading in vulnerabilities is a moot point in technology circles. 
Security and software companies are suspected of buying them, while 
others like Google and Mozilla openly espouse organised contests where 
researchers, also dubbed "white hats", attempt to break their new 
applications and report on bugs so their engineers have a chance to fix 
them before malware writers exploit them.

[...]


______________________________________________________________________________
Certified Ethical Hacker and CISSP training with Expanding Security gives
the best training and support.  Get a free live class invite weekly.  Best
program, best price. http://www.ExpandingSecurity.com/PainPill