Issue No. 06 - November/December (2007 vol. 5)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2007.180
David McKinney , Symantec
The commoditization of bugs is a long-standing tradition in the software industry. It started when companies began offering a cash incentive for each critical bug a developer squashed. This practice of attaching intrinsic monetary value to bugs is the spiritual predecessor of the "pure" vulnerability markets that this article discusses.
attack trends, bug commoditization, vulnerability markets
D. McKinney, "Vulnerability Bazaar," in IEEE Security & Privacy, vol. 5, no. , pp. 69-73, 2007.