Govts must report vulnerabilities to vendors: Microsoft

By

Top legal officer calls for "Digital Geneva Convention".

Microsoft is calling for governments to be forced to report technology vulnerabilities to vendors to prevent the type of widespread damage that has resulted from the global WannaCrypt ransomware worm attack.

Govts must report vulnerabilities to vendors: Microsoft
Brad Smith, Microsoft chief legal officer.

WannaCrypt has ripped through networks and infected hundreds of thousands of unpatched and unsupported Windows computers around the world.

The worm uses two exploits developed by the United States National Security Agency.

A group of hackers calling themselves the Shadow Brokers broke into systems at The Equation Group, which is linked to the NSA, and copied and released the vulnerabilities on the internet.

Microsoft says governments of the world should treat the WannaCrypt attacks as a wake-up call and stop hoarding vulnerabilites to be used offensively.

"... this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," Microsoft chief legal officer Brad Smith wrote.

"This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.

"Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage."

Microsoft said it wants the same rules that apply to weapons in the real world to cover vulnerabilities and exploits.

In February this year Microsoft raised the prospect of a Digital Geneva Convention, inspired by the existing treaties that deal with weapons usage by nation states during conflicts and wars.

As part of such an agreement, governments would be required to report vulnerabilities to vendors rather than stockpile or exploit them, Smith said. 

In March, unnamed US intelligence officials told Reuters that some 90 percent of all American government spending on cyber programs went to offensive efforts.

This includes penetrating defensive systems, interception and surveillance of communications, and developing ways to degrade and interrupt civil infrastructure, the officials reportedly said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
brad smithmalwaremicrosoftransomwaresecuritywannacrypt

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?