Premium Content

Access "Private market growing for zero-day exploits and vulnerabilities "

Robert Lemos, Contributor Published: 27 Nov 2012

In 2011, vulnerability researcher Luigi Auriemma discovered more than six dozen vulnerabilities in a variety of enterprise software packages, selling each software bug for a modest bounty to the Zero Day Initiative, a group set up by TippingPoint, and now a subsidiary of Hewlett-Packard. A well-known white-market buyer for software vulnerabilities, HP’s TippingPoint, uses the information to protect its customers while working with the vendor whose software is affected to close the security hole. While the company does not disclose how much it pays researchers, payments typically fall between $1,000 and $5,000, with most less than $2,000, according to sources. Yet, with penetration testers, industrial spies, law enforcement, intelligence agencies and the military all looking for exploits to undisclosed flaws to fuel their cyber-operations, such modest bounties are no longer the incentive they once were. Vulnerability researchers, once starved for a market for their security flaws, now have new options. Aureimma, for example, partnered with another researcher,... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What's Inside

Features

More Premium Content Accessible For Free

  • Unified threat management aspires to the enterprise class
    UTM_big_leagues.png
    E-Handbook

    Unified threat management (UTM) long focused on small and medium-sized businesses, but now it's climbing the ladder and attempting to become ...

  • Threat intelligence and risk: Why cybersecurity hangs in the balance
    ISM_0614.png
    E-Zine

    As more security professionals take on greater roles in global risk management, Global 2000 companies are investing in cybersecurity measures above ...

  • How to respond to the latest distributed denial-of-service attacks
    DDOS_attacks.png
    E-Handbook

    All indications show that DDoS attacks are increasing in variety, number and size. No network system is immune and information security pros can't ...