Wikileaks attaches strings to promise to disclose security flaws to Apple, Google and Microsoft before publishing new documents

Wikileaks demands that companies promise to fix flaws abused by the CIA within 90-days of disclosure

Promises by Wikileaks founder Julian Assange to disclose documents relating to CIA exploits have floundered due to 'demands' made by the idiosyncratic organisation.

"We have decided to work with them, to give them some exclusive access to some of the technical details we have, so that fixes can be pushed out," said Assange during a Facebook Live press conference days after the Vault7 disclosures - what is believed will be the first of many from a trove that runs to more than 750,000 documents.

But according to reports, when Assange finally contacted Apple, Microsoft and Google about disclosing security flaws in their operating systems before Wikileaks publishes documents in future, he made a series of demands that the companies are now mulling over.

These include a (not unreasonable) 90-day deadline for the companies to deal with the vulnerabilities highlighted in the documents. If their software is not patched within that time, Wikileaks will go ahead and publish the information in its trove of leaked documents, regardless of the aggravation this may cause to the companies.

The 90-day deadline is the same that Google's own Project Zero security group provides to companies when it uncovers flaws in their software. If a company has failed to patch its software accordingly, Project Zero publishes details of the flaw whether the vendor likes it or not.

Companies affected by this policy in recent months include Microsoft - twice.

The aim is to chivvy companies into improving the quality of the software they provide, as well as making them more responsive to reports of security flaws.

For its part, while Wikileaks has published information about exploits that the CIA would appear to have - and have used in recent years - it hasn't published the raw code for exploits that the CIA has apparently used.

Furthermore, while the authenticity of the leaks aren't in doubt, the CIA hasn't made any moves to inform the companies themselves of the security flaws it has seemingly exploited so that they can patch their software accordingly, despite the Wikileaks disclosures effectively busting the CIA.

In addition, it is strongly suspected that Wikileaks was fed the documents - most of which would appear to be a few years old - by Russia, which would mean that it isn't just the CIA that has the knowledge of these security flaws, but also (at the least) Russia's FSB, the successor organisation to the KGB of the Soviet era.