all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Selling exploits to broker, then reporting to developer?

Add to bookmarks
Jan. 8, 2022, 12:40 a.m. | /u/additionalSpice

cybersecurity www.reddit.com

What stops a security researcher from selling a newly discovered exploit to a company such as Zerodium, receiving their payout, then reporting the vulnerability to the developer?

As I understand, companies such as Zerodium have high anonymity for their submissions (payouts in crypto, etc.), so I can't really see how they can deal with this by, for example, banning submissions from particular users?

In fact, what incentive is there for a security researcher not to do this? Seeing as reporting …

cybersecurity developer exploits reporting selling

Visit resource

More from www.reddit.com / cybersecurity

Update on previous post “best security practices in gaming development” 5 hours ago | www.reddit.com
can ciso cybersecurity engine +10
Should I be learning Cybersecurity on my primary machine? 15 hours ago | www.reddit.com
accounting auditor cybersecurity free +7
QSA Says we Can't Provide Public WiFi 17 hours ago | www.reddit.com
campus can cybersecurity event +13
Chinese Government Poses 'Bold and Unrelenting' Threat to U.S. Critical Infrastructure, FBI Director Says | … 17 hours ago | www.reddit.com
bureau chinese chinese government critical +10
What is best practice to prevent man in the middle compromising emails? 19 hours ago | www.reddit.com
attack best practice caught cybersecurity +13
High School English Teacher to Cybersecurity Engineer - A How-to Guide 19 hours ago | www.reddit.com
cybersecurity engineer guide high +16
Just me, or is every vendor's website awful. WHAT DO YOU ACTUALLY DO? 21 hours ago | www.reddit.com
article customers cybersecurity edr +17
We have Crowdstrike for our EDR. Can we use it as our primary SIEM? 21 hours ago | www.reddit.com
can cons cost crowdstrike +13
Web API Security Champion: Broken Object Level Authorization (OWASP TOP 10) 22 hours ago | www.reddit.com
api api security authorization broken object level authorization +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Security Engineer, Incident Response

@ Databricks | Remote - Netherlands
View on infosec-jobs.com

Associate Vulnerability Engineer - Mid-Atlantic region (Part-Time)

@ GuidePoint Security LLC | Remote in VA, MD, PA, NC, DE, NJ, or DC
View on infosec-jobs.com

Data Security Architect

@ Accenture Federal Services | Washington, DC
View on infosec-jobs.com

Identity Security Administrator

@ SailPoint | Pune, India
View on infosec-jobs.com
View more jobs