Discus Systems PLC - IT Support Company in Birmingham West midlands
0800 880 3360
Wikileaks to give Apple, Microsoft and Google 90-day deadline to fix flaws found in Vault7 files
Posted by Damien Biddulph on Tue 21st Mar 2017


  Business IT Support (4 hour response)
Server Support £166.00 + VAT per month
Workstation Support £20.00 + VAT per month
Cloud Service Support £66.00 + VAT per month
On-site Technican £680.00 + VAT per day

Please call 0800 880 3360 (01675430080) for more information or email u2us@discus.co.uk

Arrange A Callback
Your Name:
E-Mail Address:
Tel Number:
Mobile Number:

Click 'Call Me' to request a callback.

Tech firms mull options

Wikileaks wants flaws fixed in 90-days

Wikileaks wants flaws fixed in 90-days

Wikileaks promise to give tech companies access to exploits in their systems before being made public have hit a snag after the organisation added a demand that they must be fixed within 90 days.

"We have decided to work with them, to give them some exclusive access to some of the technical details we have, so that fixes can be pushed out," said Wikileaks founder Julian Assange during a Facebook Live press conference days after the Vault7 disclosures - what is believed will be the first of many from a trove that runs to more than 750,000 documents.

But now, according to reports, when Assange finally contacted Apple, Microsoft and Google about disclosing security flaws in their operating systems before Wikileaks publishes documents in future, he made a series of demands that the companies are now mulling over.

These include a demand that the companies adhere to a 90-day deadline to deal with the vulnerabilities highlighted in the documents. If their software is not patched within that time, Wikileaks will go ahead and publish the information in its trove of leaked documents, regardless of the aggravation this may cause to the companies.

The 90-day deadline is the same that Google's own Project Zero security group provides to companies when it uncovers flaws in their software. If a company has failed to patch its software accordingly, Project Zero publishes details of the flaw whether the vendor likes it or not.

Companies affected by this policy in recent months include Microsoft - twice.

The aim is to chivvy companies into improving the quality of the software they provide, as well as making them more responsive to reports of security flaws.

While the deadline is, therefore, not uncommon, the fact the releases of the data is being used as a way to tell the tech companies how to act is likely to annoy the likes of Apple, Microsoft and Google.

Furthermore, as the information is coming from seemingly stolen classified documents, there could be uncertainty about the legal ramifications of receiving and acting on the information.

It is also worth nothing that the CIA hasn't made any moves to inform the companies themselves of the security flaws it has seemingly exploited so that they can patch their software accordingly, despite the Wikileaks disclosures effectively busting the CIA.

In addition, it is strongly suspected that Wikileaks was fed the documents - most of which would appear to be a few years old - by Russia, which would mean that it isn't just the CIA that has the knowledge of these security flaws, but also (at the least) Russia's FSB, the successor organisation to the KGB of the Soviet era.  

Source: v3.co.uk



corner spacer corner

Related News

corner spacer corner
Veeam Specialist Microsoft Small Business Specialists Birmingham Microsoft Gold Certified Partner Birmingham Siemens Solution 1 Reseller Birmingham Sonicwall Specialists Birmingham Business Link Approved Birmingham Fujitsu Primergy Certified Partner Birmingham Facebook Follow us on Twitter ESET NOD32 VMWare
IT Support
IT Services
IT Solutions
Get Support Now
© 2018 Discus Systems plc. All rights reserved. Content Management by Verve Digital