Now WikiLeaks threatens to disclose software vulnerabilities

One WikiLeaks disclosure condition is similar to Google’s: Companies must fix vulnerabilities with in 90 days

Now WikiLeaks threatens to disclose software vulnerabilities
Michael Kan

Earlier this month, the notorious info leaker WikiLeaks published a batch of documents from the CIA detailing how the CIA has developed several tools to crack, break into or infect all kinds of devices—from PCs to Smart TVs—even if they are not connected to the internet. 

At the time, WikiLeaks leader Julian Assange promised that the site would work with the affected tech companies to give them exclusive access to the technical details of those exploits and would not go public with the exploits and back doors. 

However, it wasn't until this week that WikiLeaks got in contact with the listed tech companies, such as Microsoft, Apple and Google, according to Motherboard, the tech site run by Vice. Citing unnamed sources familiar with the matter, Motherboard said WikiLeaks has made demands on the initial contact with firms but didn't share any of the alleged CIA codes. 

Instead WikiLeaks sent a series of undisclosed conditions that it wants the firms to sign off on before receiving further information from WikiLeaks. The only condition revealed to the press until now was a 90-day disclosure deadline to compel companies to issue patches. 

This is reminiscent of Google's Project Zero, which has been a major thorn in the side of Microsoft by publicly disclosing at least two Windows vulnerabilities after the 90-day period from its initial warning to Microsoft had expired. 

The question remains of Assange's demands. He's no fan of Google and made that clear in his book When Google Met WikiLeaks. I can't imagine he likes Microsoft much, either. 

Then again, the tech companies may want nothing to do with WikiLeaks. Due to the illegal origin of those files—which are considered classified—and the way they were obtained, receiving that information may be illegal for the companies.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2017 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)