How To Go Broke Selling Zero-Day Exploits 66
Trailrunner7 writes "Despite all of the hand-wringing and moral posturing about the public sale of security vulnerabilities, it turns out that not many people are buying or selling vulns, and the ones who are aren't making much money at it. A new survey of security researchers who sell vulnerabilities either publicly or in private, directed sales found that the vast majority of the flaws sell for less than $5,000. Almost none of them sell for much more than $10,000. At those prices, there's little chance that this is going to turn into the chaotic Wild West marketplace that some people predicted. It's a small, mostly controlled market that isn't making anyone rich."
The ones getting rich... (Score:5, Interesting)
...are the ones who aren't selling the exploits they find.
Not much market, if others know you have it (Score:4, Interesting)
Re:Not such good news, really (Score:2, Interesting)
Re:Not such good news, really (Score:3, Interesting)
$5,000-$10,000 per exploit, tax-free? This seems like nothing to you?
Depends how much work and time you had to put into it. You won't come up with a new 0-day every day ...