The U.S. government is looking for companies willing to give them vulnerability to popular software products Microsoft, Adobe, Google, Apple and other companies, reports the electronic frontier Foundation (EFF) involved in the protection of the private lives of citizens. The contractor shall provide the government a list of “holes” security zero-day.
The U.S. Navy published on the procurement website the announcement of finding companies willing to provide them with information about vulnerabilities in popular software products and methods for their use. “The government needs the support of contractors in order to meet the increased demand for imitations of famous performers of cyber attacks and their capabilities,” the document says.
According to Cnews, the announcement was revealed by one of the analysts EFF David Mas. After he posted a link to the document on his Twitter, the announcement from the website of public procurement disappeared. The organization has made an electronic copy.
In the ad, the customer asked interested vendors to provide information about vulnerabilities that are not yet listed in the CVE database, analyst reports, and the exploits that allows you to operate promulgated the “hole”. Rights to use exploits, according to the conditions of the cooperation shall be transmitted to the American government.
The main interest of the U.S. Navy exhibit to the products developers such as Microsoft, Apple, Adobe, EMC, Novell, IBM, Cisco Systems and Linksys. All of these vendors mentioned in the ad. The announcement also highlighted the interest in the vulnerabilities of Android, Linux and Java. The list for power of vendors and products “is not limited to”, the document says.
According to EEF, it is unfortunate to realize that the US authorities is more important to use the vulnerability for surveillance instead of protecting the millions of users of the software. In the government there is even a secret rulebook Vulnerabilities Equities Process governing the notification process intelligence software vendors, about the presence of vulnerabilities in their products. In the past year, EFF has filed a lawsuit against the national security Agency of the USA with the requirement to disclose this manual.