Tag: Vulnerability Sales
-
Almost Zero Value in “Zero Progress on Zero-Days”; a Rebuttal

The following blog is general comments and a rebuttal of sorts to the following paper: “Zero Progress on Zero-Days: How the Last Ten Years Created the Modern Spyware Market” by Mailyn Fidler, Assistant Professor, University of New Hampshire, Franklin Pierce School of Law. Unfortunately, I can’t easily cut and paste from this PDF which…
-
Perlroth & The First (Zero-Day) Broker
I am currently reading “This Is How They Tell Me The World Ends” by Nicole Perlroth, only on page 60 in Chapter 5, so a long ways to go before completing the 471 page tome. I hit chapter 4, titled “The First Broker” and it was of specific interest to me for sure, prompting this…
-
Zero-days: Two Questions from Perlroth

I am currently reading “This Is How They Tell Me The World Ends” by Nicole Perlroth, only on page 17 in Chapter 2, so a long ways to go before completing the 471 page tome. While only 17 pages in, there are already some annoyances to be sure, but the tone, scope, and feel of…
-
OSVDB – We’re offering a bounty… of sorts!
[This was originally published on the OSVDB blog.] In our pursuit of a more complete historical record of vulnerabilities, we’re offering a bounty! We don’t want your 0-day really. OK sure we do, but we know you are stingy with that, so we’ll settle on your ~ 12,775 day exploits! First, the bounty. This is…
-
The curiously creeping value of the iOS vulnerability…
[This was originally published on the OSVDB blog.] The market for vulnerabilities has grown rapidly the last five years. While the market is certainly not new, going back well over ten years, more organizations are interested in acquiring 0-day / private vulnerabilities for a variety of needs. These vulnerabilities cover the gamut in applications and…
-
The Black Market Code Industry
[This was originally published on the OSVDB blog.] Adam Penenberg wrote an article titled “The Black Market Code Industry” for FastCompany in which he details his research of two HP employees that actively sold exploit code in their spare time, at least one selling exploits in HP’s own software. According to the article, HP knew…
-
“high price bug brokering market just isn’t viable”
[This was originally published on the OSVDB blog.] On January 17, 2007, SnoSoft / Netragard LLC announced a new Exploit Acquisition Program designed to compete with iDefense, TippingPoint and others. Nothing special or different other than the suggestion that they would pay more for high end vulnerabilities. A little over a year later, and they…
-
The value of 0-day…
[This was originally published on the OSVDB blog.] Another interesting article regarding the value of 0-day vulnerabilities. Rob Lemos relates the stories of a few researchers who sold their 0-day vulnerability/exploit information for big dollars. The twist here, which is news to some, is who purchased it (the .gov) and for how much (as high…