Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Navy Solicits Zero Days

Posted by samzenpus on from the how-would-you-break-this? dept.

msm1267 writes: The US Navy posted a RFP, which has since removed from FedBizOpps.gov, soliciting contractors to share vulnerability intelligence and develop zero day exploits for most of the leading commercial IT software vendors. The Navy said it was looking for vulnerabilities, exploit reports and operational exploit binaries for commercial software, including but not limited to Microsoft, Adobe, [Oracle] Java, EMC, Novell, IBM, Android, Apple, Cisco IOS, Linksys WRT and Linux, among others. The RFP seemed to indicate that the Navy was not only looking for offensive capabilities, but also wanted use the exploits to test internal defenses.The request, however, does require the contractor to develop exploits for future released CVEs. "Binaries must support configurable, custom, and/or government owned/provided payloads and suppress known network signatures from proof of concept code that may be found in the wild," the RFP said.

2 of 59 comments (clear)

  1. Ask the NSA by quenda · · Score: 3, Interesting

    So much for post-911 interagency cooperation. While one agency is inserting weaknesses, another is having to buy then on the open market. Though the Navy approach is probably cheaper.

  2. Why.... by Luthair · · Score: 1, Interesting

    does every agency and division of the military need to do this? Seems like the classic not invented here syndrome and a colossal waste of tax payer money.