Issue No.06 - November/December (2007 vol.5)
David McKinney , Symantec
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2007.180
The commoditization of bugs is a long-standing tradition in the software industry. It started when companies began offering a cash incentive for each critical bug a developer squashed. This practice of attaching intrinsic monetary value to bugs is the spiritual predecessor of the "pure" vulnerability markets that this article discusses.
attack trends, bug commoditization, vulnerability markets
David McKinney, "Vulnerability Bazaar", IEEE Security & Privacy, vol.5, no. 6, pp. 69-73, November/December 2007, doi:10.1109/MSP.2007.180