I have an admittedly limited view of the exploit dev world. However, from what I’ve seen devs have very few options: (Please correct me if I’m wrong)
Responsible Disclosure Direct Contact => depending on the size of the vendor and their view on security, this could result in anything from a simple thanks, a reward, to a court hearing. Exploit Broker => possibly sell, possibly not, depends on the broker.![]()
![]()
![]()
![]()
![]()
↧