by MichaelGG 4432 days ago
Please tell me, what do I need to do to sell to nation states? I've found lots of remotely-exploitable (as in root or direct financial gain) vulnerabilities in open source and commercial software. Vendors have poor responses[1], so I've stopped disclosing, but if I could legally convert them into cash I'd be very interested in knowing how. For now I'm just keeping them because I might decide to open an auditing company some day and they'd be good marketing.

1: Once a company got angry and blamed me for delaying their shipping cycle. Another time they laughed when I suggested their memory corruption might be leveraged for escalation. And another vendor told me "buffer overflows would only happen maybe if you had a very fast network IO".

2 comments

Here's a profile of a 0-day broker [1] I read a few years ago.

[1] http://www.forbes.com/sites/andygreenberg/2012/03/23/shoppin...

I wonder what pricing is like for industry-specific systems. Places where an operational leak can easily cost $$$$$ a month and go rather undetected and certainly not prosecuted.

I suppose that's only valuable to criminals. Sorta like saying knowing someone's bank info can let you steal money - no one legit will pay for it.

You could always work for Endgame Systems.