Access "Private market growing for zero-day exploits and vulnerabilities "
This article is part of the Dec. 2012/Volume 14 / No. 10 issue of Market for vulnerability information grows
In 2011, vulnerability researcher Luigi Auriemma discovered more than six dozen vulnerabilities in a variety of enterprise software packages, selling each software bug for a modest bounty to the Zero Day Initiative, a group set up by TippingPoint, and now a subsidiary of Hewlett-Packard. A well-known white-market buyer for software vulnerabilities, HP’s TippingPoint, uses the information to protect its customers while working with the vendor whose software is affected to close the security hole. While the company does not disclose how much it pays researchers, payments typically fall between $1,000 and $5,000, with most less than $2,000, according to sources. Yet, with penetration testers, industrial spies, law enforcement, intelligence agencies and the military all looking for exploits to undisclosed flaws to fuel their cyber-operations, such modest bounties are no longer the incentive they once were. Vulnerability researchers, once starved for a market for their security flaws, now have new options. Aureimma, for example, partnered with another researcher,... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Firm pushes software security testing with fugitive tracking system
by Robert Westervelt, News Director
System that helps law enforcement track down fugitives was tested thoroughly to prove to CTOs and IT teams that the company is serious about security.
-
Critical infrastructure protection hindered by difficulties, experts say
by Robert Westervelt, News Director
Information Security magazine discussed critical infrastructure protection with three experts and explore whether any near-term solutions can be implemented to bolster network defenses.
-
Firm pushes software security testing with fugitive tracking system
by Robert Westervelt, News Director
-
-
Private market growing for zero-day exploits and vulnerabilities
by Robert Lemos, Contributor
Exploitable vulnerabilities are becoming harder to find in popular software, but information on such flaws is increasingly valuable, and many security researchers are no longer willing to give it up for free.
-
Biometric authentication methods: Comparing smartphone biometrics
by David Jacobs, Contributor
Biometric authentication helps ensure only authorized smartphone users can access a network. David Jacobs weighs the pros and cons of three methods.
-
Private market growing for zero-day exploits and vulnerabilities
by Robert Lemos, Contributor
-
Columns
-
Emerging vulnerability markets, mobile biometrics prompt security concerns
by Robert Richardson
Information Security Magazine examines key security concerns in the field of critical infrastructure protection and explores options for mobile biometric authentication because you’ll need to think about a new security strategy as mobile devices outnumber desktops in the enterprise.
-
Chief information security officer skills go beyond customary technical roles
by Matthew Todd
A trusted advisor and a strong communicator and promoter, a good CISO should be a jack-of-all-trades to rally the IT security team to support the business needs by minimizing risk.
-
Marcus Ranum chat: Network threat detection and wireless attacks
by Marcus Ranum
Security expert and Information Security magazine columnist goes one-on-one with Aaron Turner, co-founder of security consulting firm N4Struct.
-
Emerging vulnerability markets, mobile biometrics prompt security concerns
by Robert Richardson
More Premium Content Accessible For Free
Next-generation firewalls play by new rules
E-Zine
Firewalls started their journey to the next generation at about the same time as the Star Trek TV series. While the products have advanced with ...
Developing your endpoint security management transition plan
E-Handbook
This TechGuide will help you develop your endpoint security management transition plan. Articles focus on overcoming the challenges of Web-based ...
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...