One of the first hints of the free-market commercialization of zero days appeared in December 2005, when a seller named “fearwall” posted a zero-day vulnerability for sale on eBay and sparked fears that legitimate security researchers and bug hunters would soon go the way of mercenaries and sell their skills and wares to the highest bidder instead of handing information about software holes over to vendors to be fixed. Before putting his Windows Excel zero day on the auction block, fearwall did disclose information about the vulnerability to Microsoft, as “responsible” researchers were
...more
