Ordering platform for exploits

Ordering platform for exploits

In the vulnerability exploit marketplace hub known as penetration testers can now announce a bounty for exploits. So far, only the opposite way was possible: Exploit developers could offer their demo programs pentester interested to buy - similar to an eBay for exploits. The pentester use exploits to test the vulnerability of systems to their clients. Exploit the hub may only exploits for unpatched vulnerabilities are already traded.

To stimulate the reward system, the NSS Labs has even exploit vulnerabilities in Internet Explorer for ten and two advertised in Adobe Flash for investigation. It applies the principle "first come, first served": the first entrant gets the exploits of a functioning monetary bonus. The need to exploit to inject code into vulnerable systems.

The action already appears to bear fruit: the two flash holes have disappeared from the wanted list. Continue to exploit developers use the platform to deliver their code to a user-selected purchase price. The operator of this NSS collects a commission of 30 percent.

Anyone who has discovered a gap, should directly contact the manufacturer. Mozilla and Google reward this with up to 3133.7 U.S. dollars. Alternatively, there are offerings like the Zero Day Initiative (ZDI), TippingPoint, can at the bow hunters a fee was previously unknown vulnerabilities Register. TippingPoint provides the information and then on to the manufacturers concerned and prepares its intrusion-prevention systems to the threat.