Dark Reading reports on Black Market bugs!
Written by Daniel   
Thursday, 20 July 2006 14:36
Bucks for Bugs


JULY 20, 2006 | The going rate for a good security bug can help an undergrad pay for tuition or a cash-strapped researcher put a down payment on a car. And that's just if he or she sells it to a legitimate security software firm, which pays anywhere from $2,000 to $10,000 a bug.

The black market can be even more lucrative. A bad guy hacker can get $20,000 to $30,000 for a "weaponized" exploit, says David Maynor, senior researcher for SecureWorks. (See Getting Buggy with the MOBB.) "This is something that is pretty much fire-and-forget and wouldn't require much technical expertise to run," Maynor says.

What the two markets have in common is potential impact: The more targets a bug can hit if it's converted into an exploit and let loose in the wild, the more it pays.

Among the security firms who do business with bug writers are 3Com/TippingPoint's Zero Day Initiative, iDefense, and Digital Armaments. "They typically pay between $2,000 and $10,000 for these so they are able to better protect their clients from these exploits and work with vendors to help them develop protections," Maynor says.

It's a controversial practice. IDefense has been reviled for reselling bugs it buys, as well as for its promotions. It recently held a contest that paid $10,000 for remote Windows vulnerabilities, for example....

Much more on this @ Dark Reading


Copyright ©2001 - 2012, AOA Forums.  All rights reserved.
