James Delahunty
22 Sep 2013 18:25
According to reports, the National Security Agency (NSA) in the United States buys Zero Day exploits and other tools/information from French firm Vupen.
Vupen does research looking for vulnerabilities in popular software, like web browsers, and then sells that information rather than disclosing it to the software vendor.
According to paperwork released under a Freedom of Information Act (FOIA) request, the NSA is a Vupen customer, buying a 12 month subscription to a "binary analysis and exploit service" sold by the French company, reports The Hacker News.
How much money exactly the NSA has given to Vupen is unclear, as the information is redacted in documents.
Vupen is criticized by security experts and has even been branded a "zero day cyber weapon merchant." It reportedly has promised not to sell services to non-NATO countries and not to deal with oppressive regimes.