WikiLeaks will disclose CIA vulns to companies that sign standard responsible disclosures – or maybe not so standard?

“WikiLeaks has made initial contact with us via secure@microsoft.com,” a Microsoft spokesperson told Motherboard — but then things apparently stalled. An anonymous reader quotes Fortune:
Wikileaks this week contacted major tech companies including Apple and Google, and required them to assent to a set of conditions before receiving leaked information about security “zero days” and other surveillance methods in the possession of the Central Intelligence Agency… Wikileaks’ demands remain largely unknown, but may include a 90-day deadline for fixing any disclosed security vulnerabilities. According to Motherboard’s sources, at least some of the involved companies are still in the process of evaluating the legal ramifications of the conditions.

Julian Assange announced Friday that Mozilla had already received information after agreeing to their “industry standard responsible disclosure plan,” then added that “most of these lagging companies have conflicts of interest due to their classified work for U.S. government agencies… such associations limit industry staff with U.S. security clearances from fixing security holes based on leaked information from the CIA.” Assange suggested users “may prefer organizations such as Mozilla or European companies that prioritize their users over government contracts. Should these companies continue to drag their feet we will create a league table comparing company responsiveness and government entanglements so users can decide for themselves.”

Source: WikiLeaks Won’t Tell Tech Companies How To Patch CIA Zero-Days Until Demands Are Met – Slashdot

Seeing as we don’t know what the documents are that WikiLeaks is asking the affected companies to sign, I have no idea whether this is a good or bad thing tbh.

Robin Edgar
