 |
|
|
 Welcome to the Virus.Org Mailing List Archive |
||
 |
||
|
||
|
I wrote some about this too: http://weis2007.econinfosec.org/papers/29.pdf I like the idea of a derivative market. Its the only way I've heard where you can make money by dropping 0-days on full disclosure, for example. The drawback is that I know I can make 100k for my IE exploit, but I don't know how much I can make by buying the "IE sucks" derivative. There will only be so many people willing to buy the "IE is rock solid" one and once I start buying up the "IE sucks" one, it will be even harder to make a big score. Charlie On Dec 10, 2008, at 1:40 AM, Thorsten Holz wrote: > On Dec 10, 2008, at 3:19 AM, [EMAIL PROTECTED] wrote: > >> I would appreciate ideas to tie the value of a vulnerability to a >> premium, any >> quants who do security as well ? > > > Rainer Böhme discussed the idea of exploit derivatives and cyber- > insurances in a talk at CCC'05: http://events.ccc.de/congress/2005/fahrplan/events/801.en.html > There is also a paper from the Workshop on the Economics of > Information Security (WEIS 2005), in which Böhme discusses these ideas > in more detail: http://infosecon.net/workshop/pdf/15.pdf > > Pretty interesting concept, but some obstacles need to be taken when > implementing such a market (monoculture, correlation of attacks and > such). > > Cheers, > Thorsten > _______________________________________________ > Dailydave mailing list > [EMAIL PROTECTED] > http://lists.immunitysec.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list [EMAIL PROTECTED] http://lists.immunitysec.com/mailman/listinfo/dailydave
|
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.