A zero-sum game: the zero-day market in 2018. Issue 1 (2nd January 2019)
- Record Type:
- Journal Article
- Title:
- A zero-sum game: the zero-day market in 2018. Issue 1 (2nd January 2019)
- Main Title:
- A zero-sum game: the zero-day market in 2018
- Authors:
- Meakins, Joss
- Abstract:
- The most recent overview of white and grey markets in the zero-day trade was published in 2015 and much new evidence has since emerged. By examining data from bug bounty platforms, newly published pricelists and Russian language reporting, I aim to produce an updated picture of prices, market dynamics and policy implications. Analysis of the white market indicates that generally higher supply and demand is increasing prices, as more zero-days are found and organisations become more aware of the costs of breaches. Nevertheless, factors other than supply and demand shape the market, crucially the impetus among researchers to work for non-monetary rewards. Prices in the grey market also seem to be increasing, with comparisons of public price lists showing that zero-days affecting mobile operating systems, particularly iOS, were most valuable. Furthermore, recent evidence implies the existence of a grey market in Russia which is analysed below. Finally, this paper proposes three policy recommendations to mitigate the risk from zero-days, particularly as the Internet of Things comes to fruition. Secure software development, improving vulnerability disclosure legislation and establishing mechanisms for governments to decide what to do with the zero-days they find are all vital to reducing the current threat.
- Is Part Of:
- Journal of cyber policy. Volume 4:Issue 1(2019)
- Journal:
- Journal of cyber policy
- Issue:
- Volume 4:Issue 1(2019)
- Issue Display:
- Volume 4, Issue 1 (2019)
- Year:
- 2019
- Volume:
- 4
- Issue:
- 1
- Issue Sort Value:
- 2019-0004-0001-0000
- Page Start:
- 60
- Page End:
- 71
- Publication Date:
- 2019-01-02
- Subjects:
- Zero-day -- exploit -- software vulnerability -- white market -- grey market
Cyberspace -- Periodicals
Internet -- Periodicals
Cyber intelligence (Computer security) -- Periodicals
004.6
- Journal URLs:
- http://www.tandfonline.com/
http://www.tandfonline.com/toc/rcyb20/current
- DOI:
- 10.1080/23738871.2018.1546883
- Languages:
- English
- ISSNs:
- 2373-8871
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 10162.xml