Hacker News
by pcthrowaway 1274 days ago
> You could continue the bug bounty approach, which leads into vuln selling (with the attendant morality questions)

Can you elaborate on this?

Look into Zerodium https://zerodium.com/.

They sell exploits to government agencies. They are one of the more legit outfits, but researchers can also sell exploits to NSO-style bad actors.

I know what Zerodium is, but why does security work "lead to" exploit selling? There are lots of researchers who don't do that.