Creating and Selling Zero-day Exploits

Bruce Schneier has written about and compiled some great info and links regarding the market for creating and selling zero-day exploits in his Crypto-Gram newsletter.

Here are some highlights:

  • Forbes published a price list for zero-day exploits.
  • The more exploits are sold, the more likely it is that zero-days stay secret and unpatched.
  • Criminal organizations, companies, and governments (including the NSA) pay for exploits.
  • The amounts paid for zero-day exploits provide software engineers with incentives to create vulnerabilities in their code (get paid twice).

I’m working my way through all the articles that Schneier wrote or linked to, and you might find them interesting too. See it all here.

I strongly suggest you at least read these:

Meet the Hackers Who Sell…

Cyber Weapons: The New Arms Race

I’m interested in what you think… Does it sound too much like sci-fi? Does it scare you? Do the antivirus and malware vendors detect ALL exploits, or do they ignore the ones the NSA releases?



Filed under Security
