Inside the black market 'bug trade'

Better code the only ammunition against black market software vulnerabilities

Some companies even offer rewards to "white hat" hackers who discover and report bugs in their software. Rice cited Mozilla's recent program, which offered a US$500 bounty and a T-shirt to anyone who successfully spotted a bug in the Firefox Web browser. Dishing out even larger rewards, he said, may also be an effective way to weaken the black market -- but it will take much bigger bounties to encourage widespread, ethical reporting.

"The rewards being offered won't stray too many hackers away from the hundreds of thousands a month they can make on the black market," he said.

Another point to be aware of, according to Rice, is that most attackers will target lower-level employees instead of risking detection by going after top-level executives.

"E-mails that go after the personal assistants of the board members are likely to be more effective," Rice said. "Executives and assistants often share their passwords and have the same level of access, so e-mails that target these employees are more effective."

With files from Jaikumar Vijayan, Computerworld (US online)
