Jump to content
Aerosol

US Navy wants 0-day intelligence to develop weaponware

Recommended Posts

Posted

In the Navy, you can sail the seven seas, in the Navy, you can p0wn your foes with ease

task_force_one.jpg?x=648&y=429&crop=1

In the Navy, the Village People sang, you can sail the seven seas and live a life of ease. And now you can also work with third parties to identify and exploit 0-day flaws in common commercial software.

That Naval job is revealed in a fascinating solicitation for a provider capable of reporting new flaws and developing weaponised software to exploit them.

“This is a requirement to have access to vulnerability intelligence, exploit reports and operational exploit binaries affecting widely used and relied upon commercial software,” the solicitation reads.

The document goes on to say it wants “... a proposed list of available vulnerabilities, 0-day or N-day (no older than 6 months old).” Quarterly updates are sought and should “include intelligence and exploits affecting widely used software.”

And here's the nasty part:

“The government will select from the supplied list and direct development of exploit binaries.”

Whoever gets the gig will also be required to “... develop exploits for future released Common Vulnerabilities and Exposures.”

The Navy's definition of “ widely used software” includes “Microsoft, Adobe, JAVA, EMC, Novell, IBM, Android, Apple, CISCO IOS, Linksys WRT, and Linux, and all others.”

“They want you | They want you | They want you as a new recruit” if you're a small business willing to do the job for a year, with the prospect of a further three years' work if you're good at it.

That the US Navy is interested in exploiting 0-days should come as no surprise to anyone, so while this solicitation looks a bit sinister it is surely business as usual, and good business for whoever gets the gig.

Source

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...