The CIA should help vendors patch the flaws it was exploiting

The CIA exploits exposed this week reveal that the agency does hacking just like criminals do, including buying exploits from black-hat researchers who sell their wares on the dark web.

It’s also a demonstration of bad security on the part of the CIA, which apparently entrusted the entire portfolio to both agency employees and contractors, one of whom turned out not to be trustworthy and passed it on to WikiLeaks.

A criminal investigation into who that was is underway, so the CIA is rightfully busy with that, but it should try to find time to help the vendors whose gear was exploited patch the flaws quickly. Before the leak, these attacks were not widely known. Now that they are, they have little value to the CIA, so the agency should help shore up the vulnerabilities.


Network World Tim Greene