Tag Archives: Dancho Danchev

This blog is pretty!

Ran across a post on Dancho Danchev’s blog about information visualization. I’ve seen these types of graphical renderings/representations of everything from “the internet” to web sites. In the past they have been part of presentations or been created with tools that weren’t public. Now, Texone is offering an online applet that will render an image based on your site. Putting in “osvdb.org/blog” and letting it go for a while created this pretty picture. To be fair, it crawled well past OSVDB. I don’t think we’re pretty by ourselves.


Where’s my 0day, please?

Tuesday, March 07, 2006
Dancho Danchev

A site I was recently monitoring disappeared these days, so I feel it’s about time I blog on this case. I have been talking about the emerging market for software vulnerabilities for quite some time, and it’s quite a success to come across that the concept has been happening right there in front of us.

[..]

As there’s been already emerging competition between different infomediaries that purchase vulnerabilities information and pay the researchers, researchers themselves are getting more and more interested in hearing from “multiple parties”. Turning vulnerability research, and its actual findings into an IP, and offering financial incentives is tricky, and no pioneers are needed in here!

Vulnerability Markets

There has been a steady stream of papers and research examining the market for vulnerabilities. Countless people have blogged on it in passing and more people are starting to take interest in it for many reasons. Here are a couple papers (courtesy of Danchev’s blog) that cover the issue. When I find time, I hope to dig up links to others I have seen mentioned, as well as dig into the footnotes of these.

Vulnerability Markets: What is the economic value of a zero-day exploit?
Rainer Bohme – Dec 27, 2005

Market for Software Vulnerabilities? Think Again
Karthik Kannan, Rahul Telang – Dec 12, 2004

An Economic Analysis of Market for Software Vulnerabilities
Karthik Kannan, Rahul Telang – May 3, 2004
