Dailydave mailing list archives
Re: Vulnerabilities Market
From: rajat swarup <rajats () gmail com>
Date: Thu, 20 May 2010 12:43:17 -0400
On Wed, May 19, 2010 at 1:33 PM, Jason Syversen <jason.syversen () gmail com> wrote:
> There's a good survey of the 0-day vulnerabilities market with breakdowns by vendor including pricing, trustworthiness and friendliness posted online at http://unsecurityresearch.com/index.php?option=com_content&view=article&id=52&Itemid=57 (thanks to @reversemode RT @nrathaus). I went through the survey and did some analysis of average prices by client side vulnerabilities, server side vulnerabilities and both as well as percentage of purchases that are "high value" and off the survey charts: http://cyber-son.blogspot.com/2010/05/vulnerability-market-numbers.html
>
> Also some good reading material in an older post (http://cyber-son.blogspot.com/2009/09/vulnerability-research-market.html) including some of the groups advertising research, Pedram's excellent briefing on the market and some other papers.
>
> Hadn't seen that information disseminated widely and thought there would be interest. I'm always interested in quantifying more of what's going on in the community and particularly in computer security markets like this one that tend to be extremely opaque. Hopefully more people will fill out his survey so there is improved statistical sampling. I suspect the current margin of error is workable but definitely not negligible. Enjoy.
Both Google & Mozilla Foundation were not even a part of this. They also pay researchers for 0-days in their products (Chrome & Firefox). I guess these include just the resellers and not in-house purchasers (or they could be included under the "direct to buyer" category).

--
Rajat Swarup
www.rajatswarup.com
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave