by tptacek 3627 days ago
No, there isn't. Even the people who participate in the grey market for exploits (sales that aren't overtly prohibited by law and for which participation would be unlikely to make you an accessory to a felony) are very quiet about it.

But, a good starting point might be the analyses people have done on the Hacking Team leak.

2 comments

What's your opinion on bug bounties for hosted applications vs. bug bounties for actual pieces of software?

To me, the latter seem like a much more obviously good idea than the former. Notably, issues of somebody going out of scope, like the Facebook issue a while back, mostly disappear. Bounties on things like Chrome seem to be almost drama-free; the worst possible case, aside from somebody 0-daying a bug out of anger, is somebody not getting paid.

I seem to remember Miller mentioning in passing he got paid ~50K per vuln (you can guess who paid it by looking up Miller's past employers).