In the beginning, Sabien’s team started scanning BugTraq, taking the bug discoveries that hackers were volunteering for free and tweaking them slightly before baking them into their own exploit. But eventually they started reaching out to hackers on the forums directly, inquiring whether they’d be willing to develop something unique for Sabien’s customers and never tell a soul. The money provided plenty of incentive. In the mid-1990s, government agencies paid contractors roughly $1 million for a set of ten zero-day exploits. Sabien’s team would budget half that to buy bugs and then develop
...more
