Comment by tptacek
2 months ago
Nobody does this. It would be an insane proposition. The vulnerability is going to die very shortly into your attempt to capitalize on it. Businesses have startup costs they have to pay off.
2 months ago
Nobody does this. It would be an insane proposition. The vulnerability is going to die very shortly into your attempt to capitalize on it. Businesses have startup costs they have to pay off.
>Nobody does that.
Sure: https://www.abc.net.au/news/2016-07-01/league-of-legends-que...
He reportedly made $32k and barely avoided jail time... which does not sound to me like the $10k payout is undervalued.
Wouldn't that require, if true, that new revenue streams around exploits aren't generally pursued? It seems like new scams, and variations on old ones around new methods, come about on a somewhat regular basis. And as with any business, there is going to be some speculative work around new "product offerings", so to speak. I'm with you on the idea that they are less valuable, as 'spec work, than something that enhances existing revenue streams in a more predictable way.
You could dump all the data over a matter of weeks, then you’re sitting on a treasure trove that will pay out over 5+ years.
You could sell it non-exclusively to every data broker