by benmmurphy 3882 days ago
There are two big issues I see:

1) Trust problems between the seller and the buyer. Either the seller needs to trust that the buyer will deliver a working exploit, or the seller will give the chance for the buyer to evaluate and the seller then needs to trust that the buyer won't steal the vulnerability.

2) Issues of access. Sellers don't know how to get in touch with buyers.

Also, some buyers may want to purchase an exploit library instead of negotiating for each sale, and a middleman can offer value here.

Also, it is possible Zerodium offered over the market value (or over what they usually pay) in this situation in order to generate publicity. Other companies that buy vulnerabilities have offered larger one-off bounties in the past.