Summary: Zero-days: rising to emerging threats
Writing code is tough. Endeavouring to catch every bug before it makes it into production requires real commitment from an organisation, but its necessary to counter the rise of the professional and semi-professional hacker.
Previously, there were two options for researchers who discovered bugs that facilitated unauthorised access to a system: publically disclose it, or keep it to yourself. The emergence of vulnerability brokers and bug bounties now offers a third possibility, sell the vulnerability for cash.
This offers a means by which skilled researchers can get rewarded for their many years of training and hard work. In return, the broker gets access to this expertise and receives a zero-day exploit that can be sold on to an end buyer for their own purposes, at least until a patch is released and applied.
This kind of practice is on the rise, and I think there are a couple of factors governing that…Click here to read more