Poll: Do You Love Or Loathe Zero-Day Exploit Merchants?
Exploit sellers are dividing the security industry, but which side do you fall on? Let us know in this poll
Zero-day exploit merchants – those who sell information on vulnerabilities and tools for taking advantage of them for significant sums of money – are a controversial bunch.
They’ve had many criticisms levelled at them. They’re merchants of death, said notable privacy campaigner Christopher Soghoian. They sell “burglary tools”, said the University of Cambridge’s Professor Ross Anderson.
Bad for security?
The main argument against them is that by selling at high prices – as much as £500,000 for one exploit – to government organisations, and not informing vendors, they are not only fanning the flames of cyber war, they are denying security for the 99 percent. They know about flaws in widely-used software and don’t want them to be patched, their enemies claim.
According to Anderson, exploit sellers are infiltrating open source software development, placing bugs in purposefully, only to highlight them when the product is generally available. They point out the flaw they created and earn money from it. If that’s happening, that is terrible news for security.
But exploit sellers have been biting back recently. At their opponents, at journalists and even at themselves. In our report on the market, the sellers said the talk of dirtying open source software was nonsense. And they claimed they were only benefiting the security world by finding vulnerabilities.
But what do you think of them? Would you buy from them, or are they just too expensive? Let us know by voting below!