Hacker News
by tptacek 726 days ago
Serious Chrome and iPhone bug chains can be worth this much on the market, but the amount of engineering effort that goes into supporting that kind of pricing (across all the buyers, aggregated) is extreme. The subthread that unfolds from this comment is about fuzzing, but finding a vulnerability is a small part of actually selling it on the market.

Vendor bounties for these kinds of vulnerabilities are going to tend to be sharply lower than this crypto bounty, which was for a directly monetizable vulnerability. But there's a lot going into that vendor bounty price point.