Navy openly solicits for 0-day bugs to weaponize


#1

[Read the post]


#2

Having read the solicitation, its pretty clear this was as much about N-days (N<180) and CVE->exploit conversion, and the intent was for the red team to simulate attackers on the Navy’s own network, not for tools to attack others.

It was also specifically a small business solicitation, so something smaller than the typical defense contractors who are responsible for the bulk of the toys in the spys’ toolkit.


#3

Meanwhile, back at the farm…


#4

Great work, NSA!


#5

Wait, don’t they prosecute people who reveal these vulnerabilities? Nice try, Navy, but the white hats are staying home this time.


#6

You mean Navy, right?


#7

Uhm, no?


#8

No, I meant NSA. I was responding to Crenquis’ post, which is about … oh, heck, read it for yourself.


#9

This topic was automatically closed after 5 days. New replies are no longer allowed.