Internet bugs and their cures are now being promoted and launched much like the latest designer fashion item or car, and the new kid on the block is called Badlock. Some industry experts are criticising this trend, where a company discovers a bug, creates the patch for it and then runs a pre-publication campaign advertising the product. Not least because this alerts hackers to the fact that a bug has been detected, and may provide them with an opportunity to exploit it ahead of the release of the patch or cure.
The main criticism is that these companies are profiteering and exploiting cyber threat situations for commercial gain whilst putting other organisations at risk. Even just naming the bug – Badlock in this case – could provide hackers with useful hints as to the type of bug, and thus how to find the flaw and perhaps others like it. There certainly are some interesting plot twists in this particular case. The company in question, SerNet, has given some hints about the location of the flaw which suggests more than a little exploitation of the situation if it turns out that the company helped create the bug through flawed programming.
Read the full story at http://www.wired.com/2016/03/hype-around-mysterious-badlock-bug-raises-criticism/