The Companies who deal in Hacks

While Hacking Team’s story continues to roll, we are hearing more and more about private companies that are merchants of hacks. One of the newest players in the field is a startup called Zerodium. As its name suggests, it specializes in acquiring zero-day exploits and then selling them off.

The start-up is backed by Vupen, the French vulnerability dealer that has often drawn controversy for brokering exploits to the highest bidder.

Its model is simple: it offers 3 times the price that companies would usually pay for finding holes and exploits in their products. It will essentially function like a third-party bug bounty program, rewarding independent researchers for their zero-day discoveries. From there, it will analyze, document and report the findings to its clients (organizations and governments), “along with protective measures and security recommendations.”

In other words, it will pay a researcher more for an exploit for Google Chrome than Google will, presumably with no intention of ever informing Google—or Google’s users—of the issue.

More here: Controversial Zero-Day Exploits Seller Launches New 'Premium' Bug Bounty Program