http://blog.clearnetsec.com/articles/2008/01/31/the-booming-exploit-market-and-bye-bye-to-swaths-of-products en-us 40 <p> There are lots of articles mentioning the <a href="http://www.digitalarmaments.com/challenge200801566321.html">Digital Armaments bounty for exploits</a>. I wrote a <a href="http://blog.clearnetsec.com/articles/2007/12/28/%E2%80%9Cbig-money-big-prizes-i-love-it-%E2%80%9D">snippet</a> on the commercial exploit market about a month ago, whereby I was simply listing the prices for subscribing to the different exploit houses. </p> <p> I guess I forgot to consider another complexity of all this and that is from the influence the organizations who compete to purchase exploits are having (e.g. iDefense, 3COM/TippingPoint, Governments, people and groups w/lots of money). </p> <p> I wonder how extensive this really goes – I mean, it seems this market is in a boom of sorts which implies there are lots of private exploits trading hands. Exactly how many would be interesting to know. Hell, any numbers would be nice. </p> <p> One thing is apparent though, if this market continues to grow then how can any security products based on “knowing attacks” succeed? They won't. An IDS vendor is not going to be able to afford to purchase all; no company will have a monopoly. Thu, 31 Jan 2008 23:50:00 -0700 urn:uuid:656fdeec-7440-4a99-94be-62030c0fa12e tate@ClearNetSec.com (Tate Hansen) http://blog.clearnetsec.com/articles/2008/01/31/the-booming-exploit-market-and-bye-bye-to-swaths-of-products security ClearNet ClearNet Security Tate Hansen ids ips exploits vulnerabilities