A zero-sum game: the zero-day market in 2018
Joss Meakins
Journal of Cyber Policy, 2019, vol. 4, issue 1, 60-71
Abstract:
The most recent overview of white and grey markets in the zero-day trade was published in 2015 and much new evidence has since emerged. By examining data from bug bounty platforms, newly published pricelists and Russian language reporting, I aim to produce an updated picture of prices, market dynamics and policy implications. Analysis of the white market indicates that generally higher supply and demand is increasing prices, as more zero-days are found and organisations become more aware of the costs of breaches. Nevertheless, factors other than supply and demand shape the market, crucially the impetus among researchers to work for non-monetary rewards. Prices in the grey market also seem to be increasing, with comparisons of public price lists showing that zero-days affecting mobile operating systems, particularly iOS, were most valuable. Furthermore, recent evidence implies the existence of a grey market in Russia which is analysed below. Finally, this paper proposes three policy recommendations to mitigate the risk from zero-days, particularly as the Internet of Things comes to fruition. Secure software development, improving vulnerability disclosure legislation and establishing mechanisms for governments to decide what to do with the zero-days they find are all vital to reducing the current threat.
Date: 2019
Downloads:
http://hdl.handle.net/10.1080/23738871.2018.1546883 (text/html)
Access to full text is restricted to subscribers.
Persistent link: https://EconPapers.repec.org/RePEc:taf:rcybxx:v:4:y:2019:i:1:p:60-71
Ordering information: This journal article can be ordered from
http://www.tandfonline.com/pricing/journal/rcyb20
DOI: 10.1080/23738871.2018.1546883
Journal of Cyber Policy is currently edited by Emily Taylor
Bibliographic data for series maintained by Chris Longhurst.