
Communications of the ACM

ACM TechNews

Secrecy Surrounding 'Zero-Day Exploits' Industry Spurs Calls for Government Oversight



A barely regulated industry has sprung up around zero-day exploits sold by researchers, and even certain insiders believe the trade in these hacker or security tools should be subject to more stringent regulation, analysts say. They note that demand for such tools is stoked by their potency and unpredictability, and this worries experts, who are urging greater government oversight.

There is a precedent for regulating an industry such as zero-day exploits, as the U.S. Commerce Department oversees the sale of software, exploits associated with cryptography, and some penetration-testing software. One of the few nations to tightly regulate exploits is Germany, which has outlawed the free distribution of such exploits as well as the domestic sale of exploits. The debate on regulation partly hinges on whether computer code counts as free speech and thus should be exempted from limitations.

The zero-day trade is extremely secretive, with most sales conducted through intermediaries who protect their client list and require the researchers who sell for them to sign nondisclosure agreements. "The big issue is really the fact that researchers are put in this position to either make $50,000 doing the thing that doesn't help anyone, or do something for free that helps people," said former U.S. National Security Agency staffer Charlie Miller.

From The Washington Post

 

Abstracts Copyright © 2012 Information Inc., Bethesda, Maryland, USA


 
