The hypocrisy of the zero-day exploit trade

In the high-priced market of exploit sales, developers resist government regulations -- but are more than happy when one wants to open its coffers to them.

The debate around the sale of vulnerabilities and exploits is again playing out within the security community, and this time it comes with a new twist.

It's really an old debate, one which heated up in 2009 when a group of well-known researchers announced their "No More Free Bugs" intention to the crowd at the annual CanSecWest hacker show in Vancouver. At the time, Dino Dai Zovi, Alex Sotirov and Charlie Miller, annoyed that vulnerability hunters weren't being properly compensated for their discoveries, reacted, in true capitalistic spirit, by telling the world that they just want to get paid.