A New Security Paradigms Workshop (2013) panel discussed the topic of ethical issues and implications related to markets for zero-day exploits, i.e., markets facilitating the sale of previously unknown details on how to exploit software vulnerabilities in target applications or systems. The related topic of vulnerability rewards programs ("bug bounties" offered by software vendors) was also discussed. This note provides selected background material submitted prior to the panel presentation, and summarizes discussion resulting from the input of both the panelists and NSPW participants. Copyright is held by the owner/author(s).

Additional Metadata
Keywords: Exploits, Security economics, Vulnerabilities
Persistent URL: dx.doi.org/10.1145/2535813.2535818
Conference: 2013 New Security Paradigms Workshop, NSPW 2013
Citation
Egelman, S. (Serge), Herley, C. (Cormac), & Van Oorschot, P. (2013). Markets for zero-day exploits: Ethics and implications. Presented at the 2013 New Security Paradigms Workshop, NSPW 2013. doi:10.1145/2535813.2535818