Vulnerabilities have a market value
Charlie Miller hacks browsers, and I suppose other web techs, but this little tidbit from our title shows a bit of the future. He works for Independent Security Evaluators, and in this ZDNet articles points the way forward for exploitists.
I have a new campaign. It’s called NO MORE FREE BUGS. Vulnerabilities have a market value so it makes no sense to work hard to find a bug, write an exploit and then give it away. Apple pays people to do the same job, so we know there’s value to this work. No more free bugs.
And this note:
I actually found this bug before last year’s Pwn2Own but, at the time, it was harder to exploit. I came to CanSecWest last year with two bugs but only one exploit. Last year, you could only win once so I saved the second bug.
We always knew hackers were smart, but Charlie proves they are also business savvy. Cheers to you Mr. Miller for turning the tables ever so slightly. You may piss off the elite hackerati, but I endorse your entrepenural spirit.