Throwing money at bug bounties won’t beat zero-day dark markets

The first academic study into the market for zero-day flaws has shown some surprising results, not least that throwing money at ever-larger bug bounty payouts might well be counterproductive.

The research – which was carried out by MIT principal research scientist Michael Siegel and Katie Moussouris, chief policy officer of bug bounty organizer HackerOne – traced the dynamics of the market for zero-day flaws by monitoring the activities both of crooks who collect vulnerabilities for attacks and researchers who report them to increase software defences.

Read more: Throwing money at bug bounties won’t beat zero-day dark markets

Story added 22 April 2015. The full text is available from the content source at the link above.