Throwing money at bug bounties won’t beat zero-day dark markets
The first academic study into the market for zero-day flaws has shown some surprising results, not least that throwing money at ever-larger bug bounty payouts might well be counterproductive.
The research – which was carried out by MIT principal research scientist Michael Siegel and Katie Moussouris, chief policy officer of bug bounty organizer HackerOne – traced the dynamics of the market for zero-day flaws by monitoring the activities both of crooks who collect vulnerabilities for attacks and researchers who report them to increase software defences.
Story added 22 April 2015.