Tuesday, 21 March 2017 11:03

Vault 7: Plans to expose firms that do not patch flaws


Some organisations, such as the Mozilla Foundation, have received information from WikiLeaks to help them address vulnerabilities in their products that were recorded in Vault 7, the CIA document dump released a fortnight ago.

WikiLeaks publisher Julian Assange said Google and some other companies had yet to respond, apart from confirming that the offer had been made.

Assange held a press conference overnight on 10 March to offer to share unpublished data from Vault 7 with technology companies to enable them to fix vulnerabilities detailed therein.

During that conference, he also said that once the remaining material — which he said was a very large amount — had been vetted and critical details redacted, it would be released to the public.

In a statement issued on Friday, Assange said the companies that had been contacted had not agreed to, disagreed with or questioned what he termed WikiLeaks' standard industry disclosure plan.

The standard disclosure time for a vulnerability is 90 days after the person/company responsible for patching the software is given full details of the vulnerability.

Assange said most of the companies that were lagging behind in agreeing to the disclosure plan and receiving information about vulnerabilities from WikiLeaks "have conflicts of interest due to their classified work for US government agencies".

Many multinational technology companies in the US have big contracts with government agencies and departments. For example, Microsoft recently cut a deal with the Pentagon for Windows 10 installations.

Linux companies are also part of this mix: Red Hat Linux has contracts for its enterprise Linux with the NSA, which runs some of its spying software on the platform.

Even newspaper companies have ties of this nature: the owner of the Washington Post, Jeff Bezos, who is better known as the boss of Amazon, has a US$600 million contract to supply cloud services to the CIA.

Assange said, in practice, associations such as these limited tech industry staff from fixing security holes based on information that had been leaked from the CIA.

"Should such companies choose to not secure their users against CIA or NSA attacks, users may prefer organisations such as Mozilla or European companies that prioritise their users over government contracts," he said.

"Should these companies continue to drag their feet, we will create a league table comparing responsiveness and government entanglements so users can decide for themselves."

Cisco on Friday announced that 318 of its router models were at risk of a remote attack through a vulnerability detailed in the Vault 7 documents.




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


