Have you seen Tekton? (https://tekton.dev/)
Given how important this topic is, this has to be classed as a very poor article. Maybe 6 paragraphs of news, followed by over twice as much scaremongering and speculation.
Software architecture isn't like that. Nobody has a list of all the software running in every datacenter -- not in any large corporation anywhere in the world, and an API isn't going to change that. And, you can't quit…
That's not necessarily true, there are brokers that are relatively easy to find. It's more risky at a personal level to go into crime though.
It's not morally offensive to profit from the mistakes of a commercial entity. I'd guess that a large portions of companies are ultimately in this class. And, really, dictators don't need help imprisoning dissidents --…
Why wouldn't you just do both? You can get Zerodium to pay you and then go to the 'target' and submit the vuln through their channels. It seems plausible.
Have you seen Tekton? (https://tekton.dev/)
Given how important this topic is, this has to be classed as a very poor article. Maybe 6 paragraphs of news, followed by over twice as much scaremongering and speculation.
Software architecture isn't like that. Nobody has a list of all the software running in every datacenter -- not in any large corporation anywhere in the world, and an API isn't going to change that. And, you can't quit…
That's not necessarily true, there are brokers that are relatively easy to find. It's more risky at a personal level to go into crime though.
It's not morally offensive to profit from the mistakes of a commercial entity. I'd guess that a large portions of companies are ultimately in this class. And, really, dictators don't need help imprisoning dissidents --…
Why wouldn't you just do both? You can get Zerodium to pay you and then go to the 'target' and submit the vuln through their channels. It seems plausible.