Vupen does research looking for vulnerabilities in popular software, like web browsers, and then sells that information rather than disclosing it to the software vendor.
According to paperwork released under a Freedom of Information Act (FOIA) request, the NSA is a Vupen customer, buying a 12 month subscription to a "binary analysis and exploit service" sold by the French company, reports The Hacker News.
How much money exactly the NSA has given to Vupen is unclear, as the information is redacted in documents.
Vupen is criticized by security experts and has even been branded a "zero day cyber weapon merchant." It reportedly has promised not to sell services to non-NATO countries and not to deal with oppressive regimes.
Written by: James Delahunty @ 22 Sep 2013 18:25