[Owasp-portland] Antivirus in the Enterprise - Is it dead yet?
Tim
tim.morgan at owasp.org
Wed Nov 18 22:09:36 UTC 2015
Hi again,
As a quick follow-up, some data on what AV exploits might fetch in the
grey market:
https://zerodium.com/program.html
They list up to $40,000 for remote code execution or local privilege
escalation for AV bugs. That's for a fully working push-button
exploit. Suppose a talented person requires a full month of testing to
find one RCE. Then spends another month of work to develop a
weaponized exploit. That's still a healthy annual paycheck
(~$240000), and I know a number of researchers that now work
exclusively on bug bounties like this. This may be a reason we don't
hear about a lot more vulnerabilities these days. Of course many bugs
don't require nearly that much time for exploit development and
Tavis/Joxean found many more than that with much less search time.
tim