January 30, 2007

NY Times on the "Market" For Software Vulnerabilities

NY Times has an interesting piece today on the "market" for software vulnerabilities. Market is in quotes since there are a limited number of open market buyers and the vulnerability market is one of the few where the seller has to make a decision between selling to a good guy or bad guy. Layer in the used car effect where the vulnerability finder may have a better view of the capabilities of a new exploit than the buyer (assuming an exploit exists) and the vulnerability market is clearly an inefficient and scary place. Finally, vulnerabilities used to trade primarily in publicity currency, but now there are places where they can be sold, albeit not for enough to equal the average salary of a high end security researcher at any of the major IT or security vendors.

Posted by Abner on January 30, 2007 10:17 AM

Recent Entries
iPhone's SIM Locks: Hardware vs. Software vs. Lawyers
Even (or especially) contests could use a security review
Vendors Responses: Voting Machines and the Pwnie Awards
Dude "Security Rocks"
iPhone Wi-Fi Vulnerability
Harry Potter Security
iPhone Hacking & Fustrations
Let the iPhone Hacking Begin
Geer heads to Washington, Again
This Just In: DRM still doesn't work
Phishing meets Internet Advertising
How long to unlock the iPhone Operating System?
Predictive Markets For Politics
The Irony of Phone Security Google Ads
Why Biometric Fingerprint Readers Are A Waste
How to Blag an Interview
Yet another Boston marketing flub
MAC vs. Vista Security
The latest in physical security
Data Loss Archive
Guerrilla Marketing Backfires in Boston
NY Times on the "Market" For Software Vulnerabilities
Not marketing security, marketing *during* security