A Microsoft (MSFT) executive has blasted the CIA and NSA for “stockpiling” vulnerabilities in software instead of reporting them to industry so that they can be fixed.
Brad Smith, president and chief legal officer of Microsoft, made the comments in a blog post Sunday.
“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen,” Smith wrote.
Friday’s ransomware attack hit tens of thousands of computer systems around the globe, causing shutdowns of National Health Service clinics in Great Britain, scrambling rail services in Germany, and even hitting the Russian Interior Ministry.
A researcher in the UK managed to halt much of the spread by registering a domain name found in the ransomware code that acted as a “kill switch.” But computer experts are warning that new variants of the ransomware are already being seen without the kill switch.
Microsoft developed a patch for the vulnerability earlier this spring, after it was released by a hacker group online. But many computer systems are not set for automatic updates, and older systems may not even be supported anymore.
“We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits,” Smith wrote.
“This is one reason we called in February for a new ‘Digital Geneva Convention’ to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them,” he added.