undefined | Better HN

story

0 pointsargonaut9y ago0 comments

But someone isn't. That's the point. These bugs don't go for $10k on the black market.

0 comments

Never mind the fact that it does matter to a lot of people whether they are committing a crime. Not everyone is a capitalist sociopath.

If someone without a conscience wanted to maximize their profit, they'd probably just sell to both sides.

rl39y ago

That's odd considering the potential monetary damage of such bugs can far exceed $10k.

XMPPwocky9y ago

One can smash a car up with a sledgehammer. Is the value of a sledgehammer equal to the value of a car?

rl39y ago

>Is the value of a sledgehammer equal to the value of a car?

My previous post was poorly worded; I didn't mean to imply equality.

To use your analogy, valuing a serious vulnerability on a platform that has 1.65B users in the $5-10k range is tantamount to selling a 30lb sledge hammer for a dollar.

ponyfleisch9y ago

But what if producing a sledgehammer only cost 50 cents? Then people would sell sledgehammers for a dollar or less.

1 more reply

tptacek9y ago

Stealing this.

dopamean9y ago

Me too. It really gets straight to the point.

colanderman9y ago

The problem with valuing bugs at their damage potential is that the total damage potential of all bugs in any given product is almost certainly magnitudes greater than the total value of the product itself.

j / k navigate · click thread line to collapse

0 comments

peeters9y ago

Never mind the fact that it does matter to a lot of people whether they are committing a crime. Not everyone is a capitalist sociopath.

If someone without a conscience wanted to maximize their profit, they'd probably just sell to both sides.

rl39y ago

That's odd considering the potential monetary damage of such bugs can far exceed $10k.

XMPPwocky9y ago

One can smash a car up with a sledgehammer. Is the value of a sledgehammer equal to the value of a car?

rl39y ago

>Is the value of a sledgehammer equal to the value of a car?

My previous post was poorly worded; I didn't mean to imply equality.

To use your analogy, valuing a serious vulnerability on a platform that has 1.65B users in the $5-10k range is tantamount to selling a 30lb sledge hammer for a dollar.

ponyfleisch9y ago

But what if producing a sledgehammer only cost 50 cents? Then people would sell sledgehammers for a dollar or less.

1 more reply

tptacek9y ago

Stealing this.

dopamean9y ago

Me too. It really gets straight to the point.

colanderman9y ago

j / k navigate · click thread line to collapse