New company now offers quick cash for computer hacks.


Alex Koltz, Cactus Contributor

Computer users seemingly have to face the tedious process of updating their computers on a frequent basis. Many, looking back, will note that it was not always this way. This need for constant updates stems from the vulnerabilities, minor to massive, that security researchers find daily and that need to be patched. These vulnerabilities are big business. This is especially true for vulnerabilities that are newly discovered, dubbed “zero day” exploits. The key difference between known vulnerabilities and zero day vulnerabilities is that zero day vulnerabilities have yet to be discovered and fixed by the companies who develop and maintain the software.

This lack of protection against zero day exploits is what makes them extremely valuable to government agencies, companies, and individuals alike. The black market sale of these vulnerabilities has existed for a long time, but there has been a recent trend in companies paying “bug bounties” to the researchers who find and help fix them.

On November 18th, this aboveground market received a lot of publicity when Zerodium, an advanced cyber security research program, published a list of exploits that they were looking for, along with prices they would be willing to pay for a worthwhile exploit. These rewards ranged in value from five thousand dollars for WordPress vulnerabilities to up to half a million dollars for a working exploit of Apple’s iOS operating system. Zerodium has claimed that the customers who purchase access to these exploits are mostly large corporations and government agencies.

With all of this publicity, Zerodium has seemingly leveraged itself to become a big-time broker for big-time exploits. One can only hope that, as Zerodium's new unnamed customers begin to acquire access to such exploits, it will benefit Internet denizens through increased security and will not be a detriment to their privacy and safety.