How To Go Broke Selling Zero-Day Exploits

Trailrunner7 writes "Despite all of the hand-wringing and moral posturing about the public sale of security vulnerabilities, it turns out that not many people are buying or selling vulns, and the ones who are aren't making much money at it. A new survey of security researchers who sell vulnerabilities either publicly or in private, directed sales found that the vast majority of the flaws sell for less than $5,000. Almost none of them sell for much more than $10,000. At those prices, there's little chance that this is going to turn into the chaotic Wild West marketplace that some people predicted. It's a small, mostly controlled market that isn't making anyone rich."

The ones getting rich...

[ShaunC]

...are the ones who aren't selling the exploits they find.

Not much market, if others know you have it

[hAckz0r]

All the agencies/Governments that want that kind of information invest far more time, money, and energy doing the same thing, and they have all their own experts. In fact, the 'sellers' of this kind of information may be 'giving it away for free' and not even know they have been 'visited'. Why pay for what you can get for free?

Re:Not such good news, really

[zephvark]

$5,000-$10,000 per exploit, tax-free? This seems like nothing to you? Man... I think you need to get out of your parents' basement more often. Start slowly, or you're going to wind up with an ear-to-ear grin in an alleyway, minus your iPhone and Nikes.

Re:Not such good news, really

[buchner.johannes]

$5,000-$10,000 per exploit, tax-free? This seems like nothing to you?

Depends how much work and time you had to put into it. You won't come up with a new 0-day every day ...