Re: selling exploits to ZDI

[Gerardo Iglesias Galvan <iglesiasg () gmail com>]

The price really depends on the vendor, product and severity of the vuln,
but for pre-auth RCE on a product from a big vendor (let's say e.g. IBM)
you could get up to $1k.

Cheers,
Gerardo Iglesias

On Thu, Apr 5, 2012 at 5:01 PM, Robin Wood <robin () digininja org> wrote:

> I'm probably going to do the Corelan exploit development course at
> BruCon but I'm trying to work out the rough selling price for exploits
> to ZDI. I tried asking them on twitter but the best I got back was
> that they had paid $x over y years and told to do the maths. That
> doesn't really help so I was wondering if anyone here could give me a
> rough idea of prices.
>
> I'll be just starting out so probably finding small things in obscure
> apps to start with just to get used to doing things then start moving
> upwards if things work out. I've read all the information on the
> things that affect the price but I'd just like to get an idea of a
> base prices so I can then apply their conditions when I'm thinking of
> targets and what to look at.
>
> Robin
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com