Selling security flaws is a thriving business — and if you do it right, it's legal too. Here's what it looks like from the inside.
Adriel Desautels
As long as there's software, that software will have security holes, and some people will pay money to find those holes. It's called the exploit trade, and it's one of the most misunderstood corners of the tech world. The right exploit can bring in a small fortune, and the people trading tend to be very secretive about who they're selling to. Whenever a new exploit pops up, like this week's newly discovered flaw in Java 7, the traders tend to show up in the press as the tech world equivalent of globe-trotting supervillains — rich, powerful, and living only to torment the upstanding developers of the world. Naturally, the truth is a bit more complex.
To clear the air, BuzzFeed caught up with Adriel Desautels, CEO of the security firm Netragard and occasional exploit trader, to explain why what he does isn't harmful — even if it could use a little more regulation. Here's what we learned.
It Always Has To Be Legal
We're in the business of protection. Whether you're a company or you're a public sector company, we protect people from threats. And in order for us to do what we're doing, it has to be legal. This market must be legitimate and it must be something that can be done ethically and within the confines of the law.
Your Computer Is the Most Dangerous Thing You Own
Think about this: If I go out and buy a brand new MacBook Pro or whatever, that computer can be used to do far more dangerous things than any single exploit. I can commit fraud. I can launch phishing attacks. I can write as many exploits as I want. I can launch denial-of-service conditions. I can control a botnet. I can steal credit-card information. I can run illegal porn rings or human trafficking or god knows what. You name it. It's limitless. With a laptop computer. But people don't sit there saying, "Oh my God, laptops are so dangerous, computers are so dangerous," because they know what computers can be used for. The reason people fear exploits is because they don't have a clue.