[This was originally published on the OSVDB blog.]
There has been a steady stream of papers and research examining the market for vulnerabilities. Countless people have blogged on it in passing and more people are starting to take interest in it for many reasons. Here are a couple papers (courtesy of Danchev’s blog) that cover the issue. When I find time, I hope to dig up links to others I have seen mentioned, as well as dig into the footnotes of these.
Vulnerability Markets: What is the economic value of a zero-day exploit?
Rainer Bohme – Dec 27, 2005
Market for Software Vulnerabilities? Think Again
Karthik Kanna, Rahul Telang – Dec 12, 2004
An Economic Analysis of Market for Software Vulnerabilities
Karthik Kanna, Rahul Telang – May 3, 2004