Re: selling exploits to ZDI

[Robin Wood <robin () digininja org>]

On 6 April 2012 22:05, Gerardo Iglesias Galvan <iglesiasg () gmail com> wrote:
> The price really depends on the vendor, product and severity of the vuln,
> but for pre-auth RCE on a product from a big vendor (let's say e.g. IBM) you
> could get up to $1k.

I don't know much about prices but I would have thought a pre-auth RCE
is worth a hell of a lot more than that.

Robin

> Cheers,
> Gerardo Iglesias
>
> On Thu, Apr 5, 2012 at 5:01 PM, Robin Wood <robin () digininja org> wrote:
> > I'm probably going to do the Corelan exploit development course at
> > BruCon but I'm trying to work out the rough selling price for exploits
> > to ZDI. I tried asking them on twitter but the best I got back was
> > that they had paid $x over y years and told to do the maths. That
> > doesn't really help so I was wondering if anyone here could give me a
> > rough idea of prices.
> >
> > I'll be just starting out so probably finding small things in obscure
> > apps to start with just to get used to doing things then start moving
> > upwards if things work out. I've read all the information on the
> > things that affect the price but I'd just like to get an idea of a
> > base prices so I can then apply their conditions when I'm thinking of
> > targets and what to look at.
> >
> > Robin
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com