Vupen

In 2011, 2012, 2013 and 2014 Vupen won first prize in the hacking contest Pwn2Own, most notably in 2012 by exploiting a bug in Google Chrome. Their decision not to reveal the details of the vulnerability to Google, but rather to sell them, was controversial. Unlike in 2012, during Pwn2Own 2014, Vupen decided to reveal to the affected vendors, including Google, all its exploits and technical details regarding the discovered vulnerabilities, which led to the release of various security updates from Adobe, Microsoft, Apple, Mozilla, and Google to address the reported flaws.

Some years ago, Vupen was still providing information about vulnerabilities in software for free but then decided to monetize its services. "The software companies had their chance", said Vupen-founder Chaouki Bekrar according to an article in Die Zeit, "now it's too late".Philipp Alvares de Souza Soares: [http://www.zeit.de/2013/41/vupen-sicherheitsluecken-geheimdienste Cyberspionage: Durch die Hintertuer], in: Die Zeit October 2nd 2013. On 15 September 2013, it was revealed that the NSA was a client of Vupen and had a subscription to its exploit service.[http://www.darkreading.com/risk-management/nsa-contracted-with-zero-day-vendor-vupen/d/d-id/1111564? NSA Contracted With Zero-Day Vendor Vupen], Darkreading On 9 November 2014, the German magazine Der Spiegel reported that the German information security agency BSI, tasked with the protection of federal government networks, was also a client of Vupen.[http://www.spiegel.de/spiegel/vorab/bnd-will-informationen-ueber-software-sicherheitsluecken-einkaufen-a-1001771.html BND will Informationen ueber Software-Sicherheitsluecken einkaufen], in: Der Spiegel November 9th 2014. On 22 July 2015, it was revealed that Vupen provided exploits to the Italian company Hacking Team between 2010 and 2011.[https://tsyrklevich.net/2015/07/22/hacking-team-0day-market/ Hacking Team: a zero-day market case study], Vlad Tsyrklevich's blog

On 5 May 2015, Vupen's founders filed documents to close the company [http://www.societe.com/societe/vupen-security-478502123.html#chiffrecle Registre des sociétés], Societe.com and moved to the US to start a new cybersecurity startup named Zerodium.

{{see also|Zerodium}}

On 23 July 2015, Vupen's founders launched their new cybersecurity company Zerodium in the US. The company has a different business model as it acquires zero-day capabilities from independent researchers and reports them, along with protective measures and security recommendations, to its government clients.{{cite web

| last = Fisher

| first = Dennis

| title = VUPEN Founder Launches New Zero-Day Acquisition Firm Zerodium

| publisher = ThreatPost.com

| date = July 24, 2015

| url = https://threatpost.com/vupen-launches-new-zero-day-acquisition-firm-zerodium/113933/

| accessdate = November 3, 2015}}

{{reflist|30em|refs=

{{cite news

| author = Google

| title = Chrome Stable Channel Update

|date=14 March 2014

| url = http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html

}}

{{cite journal

| author = Andy Greenberg

| title = Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees)

| journal = Forbes

|date=21 March 2012

| url = https://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/

}}

{{cite magazine

| url = https://www.wired.com/threatlevel/2012/03/how-to-pwn-the-pwn2own-contest/

| author = Kim Zetter

| date=3 September 2012

| magazine = Wired

| title = How to Pwn the Pwn2Own Contest}}

}}

Category:Companies based in Languedoc-Roussillon

Category:Computer security companies

Category:Information technology companies of France

Category:Technology companies established in 2004

Category:French companies disestablished in 2015

Category:Technology companies disestablished in 2015

Category:French companies established in 2004