According to Suffolk, who cited two Forbes articles, "Meet the Hackers who sell Spies the tools to crack your PC (and get paid six figure fees)" and "Shopping for Zero Days: A Price List for Hacker's Secret Software Exploits", there is a vibrant industry in identifying and selling zero-day exploits. These are attacks on security vulnerabilities which happen as soon as those vulnerabilities are discovered.
"In fact, the articles indicated that governments around the world are frequently the purchasers of zero-day exploits and that large defence contractors also buy and sell zero-day exploits," he wrote. "If governments are indeed involved in the acquisition of zero-day exploits or are developing attack software, such as Flame and Stuxnet, the phrase `what we sow we reap' springs to mind."
Sign up for Computerworld eNewsletters.