The Market for Zero Day Exploits

Paul Rosenzweig
Sunday, March 31, 2013, 2:33 PM
The Economist has an excellent short article on the growing market for zero-day exploits (that is, vulnerabilities in software).  As my friend Chris Soghoian observed there is more information here than ever before in public sources on the zero-day market.  From the introduction:
IT IS a type of software sometimes described as “absolute power” or “God”.

Published by The Lawfare Institute
in Cooperation With
Brookings

The Economist has an excellent short article on the growing market for zero-day exploits (that is, vulnerabilities in software).  As my friend Chris Soghoian observed there is more information here than ever before in public sources on the zero-day market.  From the introduction:
IT IS a type of software sometimes described as “absolute power” or “God”. Small wonder its sales are growing. Packets of computer code, known as “exploits”, allow hackers to infiltrate or even control computers running software in which a design flaw, called a “vulnerability”, has been discovered. Criminal and, to a lesser extent, terror groups purchase exploits on more than two dozen illicit online forums or through at least a dozen clandestine brokers, says Venkatramana Subrahmanian, a University of Maryland expert in these black markets. He likens the transactions to “selling a gun to a criminal”.

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.

Subscribe to Lawfare