Nytro Posted December 28, 2011 Report Posted December 28, 2011 [h=1]22C3: Vulnerability markets[/h]Speaker: Rainer Böhme What is the economic value of a zero-day exploit?What is the market value of a zero-day exploit?It is evident that information on vulnerabilities and information security threads is very valuable, but the market for it is neither structured nor liquid. This talk combines examples from real world information security business with academic arguments on the pros and cons of vulnerability markets, including vulnerability sharing circles, bug auctions, remote root derivatives, and cyber-insurance.Would we live in a more secure world if every geek could go and sell his exploit at the market price? How could this market eventually be organised? What are the incentives of market participants and where are dangers for conflicts of interest? Join us on a journey to a hypothetical world where information security is entirely melted into finance so that S&P quotes a daily kernel hardness index ...For more information visit: 22C3: Private InvestigationsTo download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network Quote
