Monthly Archives: March 2010


Exploit Acquisition Program – More Details

The recent news on Forbes about our Exploit Acquisition Program has generated a lot of interesting speculative controversy and curiosity. As a result, I’ve decided to take the time to follow up with this blog entry. Here I’ll make a best effort to explain what the Exploit Acquisition Program is, why we decided to launch the program, and how the program works. What it is:The Exploit Acquisition Program (“EAP”) officially started in May of 1999 and is currently being run by Netragard, LLC. EAP specifically designed to acquire “actionable research” in the form of working exploits from the security community. The Exploit Acquisition Program is different than other programs because participants receive significantly higher pay for their work and in most cases the exploits never become public knowledge.The exploits that are acquired via the EAP are sold directly to specific US based clients that have a unique and justifiable need for such technologies. At no point does Netragard sell or otherwise export acquired exploits to any foreign entities. Nor do we disclose any information about our buyers or about participating researchers. Why did we start the […]

Professional Script Kiddies vs Real Talent

The Good Guys in the security world are no different from the Bad Guys; most of them are nothing more than glorified Script Kidies. The fact of the matter is that if you took all of the self-proclaimed hackers in the world and you subjected them to a litmus test, very few would pass as acutal hackers.This is true for both sides of the so called Black and White hat coin. In the Black Hat world, you have script-kids who download programs that are written by other people then use those programs to “hack” into networks. The White Hat’s do the exact same thing; only they buy the expensive tools instead of downloading them for free. Or maybe they’re actually paying for the pretty GUI, who knows?What is pitiable is that in just about all cases these script kiddies have no idea what the programs actually do. Sometimes that’s because they don’t bother to look at the code, but most of the time its because they just can’t understand it. If you think about it that that is scary. Do you really want […]