The recent news on Forbes about our Exploit Acquisition Program has generated a lot of interesting speculative controversy and curiosity. As a result, I’ve decided to take the time to follow up with this blog entry. Here I’ll make a best effort to explain what the Exploit Acquisition Program is, why we decided to launch the program, and how the program works.
The Good Guys in the security world are no different from the Bad Guys; most of them are nothing more than glorified Script Kidies. The fact of the matter is that if you took all of the self-proclaimed hackers in the world and you subjected them to a litmus test, very few would pass as acutal hackers.
This is true for both sides of the so called Black and White hat coin. In the Black Hat world, you have script-kids who download programs that are written by other people then use those programs to â€œhackâ€ into networks. The White Hatâ€™s do the exact same thing; only they buy the expensive tools instead of downloading them for free. Or maybe theyâ€™re actually paying for the pretty GUI, who knows?
What is pitiable is that in just about all cases these script kiddies have no idea what the programs actually do. Sometimes thatâ€™s because they donâ€™t bother to look at the code, but most of the time its because they just canâ€™t understand it. If you think about it that that is scary. […]