The market value of Heartbleed
In dollars, how much was Heartbleed worth to Codenomicon? How much would it have been worth to a blackhat?
If a blackhat discovered Heartbleed or an equivalent vulnerability, wouldn't they just use it secretly?
Assuming Heartbleed is worth much more to a blackhat and a blackhat would have exploited it secretly, the scariest part about Heartbleed is that it should change our estimate of how many equivalent vulnerabilities there are in the hands of blackhats.
(A weakness with this argument is that the market in vulnerabilities might not be liquid, but that doesn't change this analysis very much.)