Unpatched Security Flaws Openly Solicited by US Navy

Governments unsurprisingly are trying to buy unpatched certificate exploits in the name of surveillance or cyber defence but refrain from admitting it.

US Navy however, was caught by the Electronic Foundation soliciting for unpatched security flaws.

The Physics Foundation revealed that the US Navy is up to my neck in soliciting of zero-day exploits and less than 6-months old vulnerabilities for relatively more than common software from Microsoft, Google and Apple.

US Navy Facing 110,000 Cyber Attacks All Hour

This got unclothed direct the Navy's request for solicitation on FedBizOpps. In the post, the Nav asked security system researchers to sell them "their vulnerability intelligence, exploit reports and operational exploit binaries moving widely utilized and relied upon commercial software."

The collection was in the main for "0-day or N-day (no older than 6 months experienced)" bugs, which means the Naval forces was just interested in unpatched package that can be weaponized.

The US Navy acted speedily and took drink down the billet. All the same, it was clearly evident that the subject branch was difficult to convert these flaws into "feat binaries." This means, the Navy wants to use the finished software for attacks.

Surety researchers usually write programs in order to prove the harmfulness of security flaws but so much a request from the Navy certainly raises questions nearly the government's priorities.

At a time when the US is devising arrangements for restricting the export of attacks like zero-Clarence Day but on the other hand, it is encouraging security testers for selling them the selective information ahead informing developers.

This trading will expose users to hackers for an unnecessarily prolonged duration while the government gives general public the impression that IT is belligerent digital wars for their safety.

The Navy pulled the solicitation down aft Bang's Dave Maass tweeted about it, but EFF saved a copy. Hump is also suing the US government for a look at its Vulnerabilities Equities Procedure.

Have a take deleted copy preserved by EFF below:

BoingBoing

Screw

I am a UK-settled cybersecurity journalist with a passion for application the latest happenings in cyber surety and technical school populace. I am too into gaming, reading and investigative journalism

Source: https://www.hackread.com/us-navy-unpatched-security-flaws/

Posted by: hestertoeopla.blogspot.com

Share this post