From the ‘I‘ve always wondered‘ files:
LAS VEGAS. I’m in the super mega Feds vs Ex-Feds panel now at Black Hat and already I’ve learned something I didn’t know.
There is a divergence of opinion in the security industry about whether or not people should buy zero-day exploits. Tipping Points has a whole business model built around it and it seems to work for them – but what about the government?
Does the US Government buy zero-day exploits?
“I don’t buy zero days,” US-CERT director Mischel Kwon said.
Kwon is just one branch of the government.
The NSA had a less specific answer.
“I can tell you we have a policy but I’m not going to tell you what it is,” NSA agent Richard Marshall said.
PIC: Richard Marshall Credit: Sean M. Kerner