Comment by ufmace
2 months ago
There's an easy way to put your money where your mouth is here. Just offer $11k for this or similar vulnerabilities out of your own pocket, and then resell them. If there really is a large and active market for this at higher dollar values, you'll make a killing!
Sure is funny there's nobody doing that despite so many people being so dead certain there's an active market.
If I did, would you know?
And if I did, it wouldn’t stop people from doing co-ordinated disclosure either, would it? Same with high end exploits - some folks do co-ord disclosure because it feels good and is great for your CV; others sell gray market and we generally have no idea what’s being traded.
(With the exception of say, zerodium or 0xcharlie’s various talks)
Which of "0xcharlie's various talks" addresses the likelihood of your being able sell a web authz information leak bug on a Google site for bitcoin?