This graphic at the Economist:
made me think of an alternative to brokers for zero day exploits, a Zero Day Lottery!
Take a known reliable source of zero day exploits like “the Grugq” (see: Shopping For Zero-Days: A Price List For Hackers’ Secret Software Exploits and setup a weekly lottery for zero day exploits.
Every week without a winner, rolls another zero day exploit into the final prize package.
Would have to work out the details but authors of zero day exploits included in the prize would share in some percentage of the cash spent on lottery tickets.
The runner of the lottery should get say 20% of the bets with some percentage of the remaining funds being used for contests to develop zero day exploits.
Same principles apply for a Leaker’s Lottery!
Except there some of the proceeds for a leak would be split among the leakers.
Could you be a news or government agency and refuse to buy a ticket?
Or even a large block of tickets?
Consider what the Pentagon Papers would have attracted as a lottery prize.
Zero Day / Leakers Lotteries have the potential to put hacking/leaking on a firm financial basis.
Interested?
[…] in case you are thinking about a leaking lottery like I mentioned the other […]
Pingback by ‘Strongbox’ for Leakers Offers Imperfect Anonymity « Another Word For It — May 29, 2013 @ 4:20 pm