(part 2)
(3) Make a strategic decision to support a new attack vector because there is a demand for it by the clients - the company would need to invest a lot of resources to mature the item / plug it into the infrastructure
(3) Make a strategic decision to support a new attack vector because there is a demand for it by the clients - the company would need to invest a lot of resources to mature the item / plug it into the infrastructure
(which it takes a lot of time and the item might be patched) and create a “product” around it.
In addition, because it’s a new product line, the company would need to offset researchers from other vectors to focus on the Microsoft Exchange new vector. That means that is less likely to happen and most of the times the e2e company will pass the opportunity to buy it.
Governments on the other end:
(1) Can do whatever they want
(2) Runs the operations (domestic / international)
(2) Because the gov runs the operations, they have different operational needs (vulnerabilities)
(1) Can do whatever they want
(2) Runs the operations (domestic / international)
(2) Because the gov runs the operations, they have different operational needs (vulnerabilities)
Why do you care?
Governments are willing to pay for “one-time solutions” for example our Microsoft Exchange vulnerability – because it will allow them to move forward in a single operation and that by itself will be worth for them to buy the item
Governments are willing to pay for “one-time solutions” for example our Microsoft Exchange vulnerability – because it will allow them to move forward in a single operation and that by itself will be worth for them to buy the item
But the most important takeaway I would like to focus on is: an e2e company can't monetize an unmaintainable item with no pre-existing infrastructure or support because the efforts they would have to put into it would outweigh the benefits.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
