Does the US Government pay for zero-day exploits? #BlackHat


From the ‘I’ve always wondered’ files:

LAS VEGAS. I’m in the super mega Feds vs Ex-Feds panel now at Black Hat and already I’ve learned something I didn’t know.

There is a divergence of opinion in the security industry about whether or not people should buy zero-day exploits. TippingPoint has a whole business model built around it and it seems to work for them – but what about the government?

Does the US Government buy zero-day exploits?

“I don’t buy zero days,” US-CERT director Mischel Kwon said.

Kwon is just one branch of the government.

The NSA had a less specific answer.

“I can tell you we have a policy but I’m not going to tell you what it is,” NSA agent Richard Marshall said.

PIC: Richard Marshall Credit: Sean M. Kerner
