WikiLeaks has promised to release software code of CIA hacking tools to tech firms.
The promise from chief Wikileaker Julian Assange – now ensconced in Ecuador's London embassy for four and a half years – came on Thursday during a internet-streamed press conference on Vault 7, its recent CIA cyber-weapons documents dump.
"We have decided to work with them [manufacturers] to give them some exclusive access to the additional technical details we have, so that fixes can be developed and pushed out," Assange said. "Once this material is effectively disarmed by us, by removing critical components, we will publish additional details."
National security experts argued that the info should come from the source itself, rather than through WikiLeaks.
"Disclosure of #Vault7 0days should come from USG, not Wikileaks," said former USAF officer turned cybersecurity expert Jason Healey. "WH should convene emergency VEP & CIA should disclose ASAP to vendors."
Computer science professor Matthew Green added: "Assange is personally going to see those Android 4.x phones get patched."
Others were more supportive. "Actually, among the crap, this is reasonable," said Rob Graham of Errata Security. Wikileaks should disclose the 0days to vendors to patch them." ®