|
|
|
|
|
|
by tptacek
2056 days ago
|
|
|
Zerodium is not generally paying out $2MM for vulnerabilities and the people who acquire vulnerabilities from Zerodium aren't monetizing them directly off the installed base of phones. An important thing to know about the market for these things is that the "clearing price" of an exploit chain is usually a cap, not an actual price; you're paid in tranches, until the vulnerability is burned. You're hoping it isn't burned before all your tranches are paid. That has implications for the hypothetical business model you've proposed. |
|
|