Momar Diop's Colleagues at Exploit Exchange
Momar Diop's Contact Details
Senegal
Exploit Exchange
Momar Diop's Company Details
Due to society's increasing dependence on information and technology, and the impact privacy and security vulnerabilities now have on our everyday lives, the demand for and price of n-day and zero-day security exploits has reached unprecedented levels. This is primarily attributed to penetration of the exploit supply into this emerging market, which is continuously impeded by nonoptimal stakeholder participation.These market impediments include inadequate proof-of-value and pricing information for stakeholders wishing to conduct an ROI analysis on exploits. In terms of price and value, a local privilege escalation exploit targeting a deprecated operating system is worth significantly less than a remote code execution exploit targeting a ubiquitous operating system that is widely used.In terms of cost-benefit relative to time and effort, security researchers are less likely to pursue the discovery of vulnerabilities having a lower perceived value and more likely to pursue the discovery of vulnerabilities having a higher perceived value. Similarly, vendors are less likely to pursue the remediation of vulnerabilities having a lower perceived value and more likely to pursue the remediation of vulnerabilities having a higher perceived value.Coordinated disclosure services like bug bounty platforms aim to remedy these misaligned incentives, but often fall short. Because of their self-interest to minimize costs and maximize benefits, vendors are naturally incentivized to assess a disclosed vulnerability's risk at a lower level than what a competitive market would. Often times, security researchers are subsequently rewarded a discounted bounty amount, or worse, nothing at all.