IDEAS home Printed from https://ideas.repec.org/a/taf/rcybxx/v4y2019i1p60-71.html
   My bibliography  Save this article

A zero-sum game: the zero-day market in 2018

Author

Listed:
  • Joss Meakins

Abstract

The most recent overview of white and grey markets in the zero-day trade was published in 2015 and much new evidence has since emerged. By examining data from bug bounty platforms, newly published pricelists and Russian language reporting, I aim to produce an updated picture of prices, market dynamics and policy implications. Analysis of the white market indicates that generally higher supply and demand is increasing prices, as more zero-days are found and organisations become more aware of the costs of breaches. Nevertheless, factors other than supply and demand shape the market, crucially the impetus among researchers to work for non-monetary rewards. Prices in the grey market also seem to be increasing, with comparisons of public price lists showing that zero-days affecting mobile operating systems, particularly iOS, were most valuable. Furthermore, recent evidence implies the existence of a grey market in Russia which is analysed below. Finally, this paper proposes three policy recommendations to mitigate the risk from zero-days, particularly as the Internet of Things comes to fruition. Secure software development, improving vulnerability disclosure legislation and establishing mechanisms for governments to decide what to do with the zero-days they find are all vital to reducing the current threat.

Suggested Citation

  • Joss Meakins, 2019. "A zero-sum game: the zero-day market in 2018," Journal of Cyber Policy, Taylor & Francis Journals, vol. 4(1), pages 60-71, January.
    • Handle: RePEc:taf:rcybxx:v:4:y:2019:i:1:p:60-71
    DOI: 10.1080/23738871.2018.1546883
    as

    Download full text from publisher

    File URL: http://hdl.handle.net/10.1080/23738871.2018.1546883
    Download Restriction: Access to full text is restricted to subscribers.
    File URL: https://libkey.io/10.1080/23738871.2018.1546883?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:taf:rcybxx:v:4:y:2019:i:1:p:60-71. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Chris Longhurst (email available below). General contact details of provider: http://www.tandfonline.com/rcyb .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.