X
Tech
Home Tech Security

Security breakdown? Nah, just marketing hype

Sean Hargrave over at the Guardian seems concerned about security research firms paying hackers for exploits before they are even reported to the responsible vendor. My reaction to this issue has been: "So what, big deal".
Written by Richard Stiennon, Contributor

Sean Hargrave over at the Guardian seems concerned about security research firms paying hackers for exploits before they are even reported to the responsible vendor. My reaction to this issue has been: "So what, big deal".

Various vendors have made defending against so-called 0day exploits their primary differentiator. The concept is that most organizations are already well defended against known threats. Therefore, their biggest concern is being ready for the attack that comes in the night that is brand new. Couple problems here. Most organizations are *not* well protected. Look at the recent success hackers have had of infecting over 10,000 web servers with malicious Trojans.

Making your security purchase decisions based on a vendor's claims or ability to "get the exploits first" is silly. Security has moved into the somewhat more boring realm of compliance, efficiency, manageability, reliability, throughput, and effectiveness. Winning the race to the next 0day worm is not a buying criteria.

You may question the morality of a vendor paying people to discover exploits but at the end of the day it just does not matter. So what, big deal.

Editorial standards
Show Comments

Related

Anker Solix X1

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

windows-11-laptop

Microsoft is now showing ads in Windows 11's Start menu. Here's how to block them

Placeholder product image alt text

The best AI image generators to try right now