This Is How They Tell Me the World Ends: The Cyberweapons Arms Race

by Nicole Perlroth

The position most big companies—Hewlett-Packard, Microsoft, Oracle, Sun Microsystems—took at the time was that anyone who drew attention to a flaw in their products should be prosecuted or sued for tampering. Microsoft executives called it “information anarchy” and at one point compared hackers who dropped bugs on BugTraq and at hacking conventions to terrorists “who throw pipe bombs into children’s playgrounds.” That year, 2002, representatives from the major tech companies convened at the annual Def Con conference in Vegas to lay down the law. Since Def Con was founded in 1993, the conference had become a forum where hackers could present all the ways they could break into companies’ products. But recently the companies felt the hackers had gone too far. They were sick of getting called out and shamed on stage. That year, they banded together in Vegas to come up with a new approach to hackers and their bugs. It essentially boiled down to: “Give your bugs to us first. Or we’ll sue your ass.”