From: rajat swarup (rajatsgmail.com)
Date: Thu May 20 2010 - 11:43:17 CDT
On Wed, May 19, 2010 at 1:33 PM, Jason Syversen
> There's a good survey of the 0-day vulnerabilities market with breakdowns by
> vendor including pricing, trustworthiness and friendliness posted online at
> (thanks to reversemode RT nrathaus).
> I went through the survey and did some analysis of average prices by client
> side vulnerabilities, server side vulnerabilities and both as well as
> percentage of purchases that are "high value" and off the survey charts:
> Also some good reading material in an older post
> including some of the groups advertising research, Pedram's excellent
> briefing on the market and some other papers.
> Hadn't seen that information disseminated widely and thought there would be
> interest. I'm always interested in quantifying more of what's going on in
> the community and particularly in computer security markets like this one
> that tend to be extremely opaque. Hopefully more people will fill out his
> survey so there is improved statistical sampling. I suspect the current
> margin of error is workable but definitely not negligible. Enjoy.
Both Google & Mozilla Foundation were not even a part of this. They
also pay researchers for 0-days in their products (Chrome & Firefox).
I guess these include just the resellers and not in-house purchasers
(or they could be included under the "direct to buyer" category).
Dailydave mailing list