Product Vulnerabilities on Sale

When I first read the article on “Zero-day sales not ‘fair’ – to researchers” on theregister.com [1], which highlights an example of the going rate of vulnerabilities found on systems/products, I was quite shocked with the phenomenon.

With the number of exploits being found every so often I guess something like this was inevitable. Although it is a shame that people have to make money out of a system’s vulnerabilities. Sure, people spend their time finding the vulnerability and some companies even produce temporary fixes. This does not mean that we should fund the finding of vulnerabilities.

One could almost argue that systems could be created with vulnerabilities, in order for someone -closely affiliated with the developer- to pick them up and make a few bucks on the side. A scenario that I would say is very plausible but probably not applicable often. I think I am going quite far when I say that governments probably started it, in order to gain an advantage in all so connected Information Age we live in.

Vulnerabilities should be found and reported to the product developers, who in turn patch/correct the vulnerability from causing serious issues to the users.

Update:
And the plot thickens.

“The market for software vulnerabilities just got even more complex with the arrival of a firm that offers security researchers a chance to profit from their work by patenting security fixes.”

Read more [2]

“Just as songs are copyrighted and the lyrics are not patented, along the same lines this should be enforced for software. Writing software (coding) is actually another form of art. In art the genesis of an idea, can not be copyrighted; how ever the out come is linked to a specific author (artist).” – Grigorios Fragkos

P.S: I wonder if there is a patch to the operating system called Windows Vista? Maybe a re-install of another operating system would do.

Link used:
[1] The Register, “Zero-day sales not ‘fair’ – to researchers” – http://www.theregister.co.uk/2007/06/03/market_value_of_software_security_vulnerabilites/

[2] The Register, “Firm offers to patent security fixes” – http://www.theregister.co.uk/2007/06/06/security_fix_patent/

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *