Black hats will not pay you for an exploit that dies quickly once the white hats get your report. White hats will not pay you for an exploit that you fenced to a black hat agency and showed up in the wild.

> White hats will not pay you for an exploit that you fenced to a black hat agency and showed up in the wild.

...come to think of it, how does that work? Aren't the most important exploits to patch the ones being actively used in the wild?

In other words, how do they avoid someone playing both sides? "I found an exploit being used by the LEETH4X0R malware [which was in fact created by the guy I sold this exploit to] to steal people's Gmail cookies."

You'd have to find out about LEETH4X0R before other researchers, but of course, you'd have a head start.

You won't get paid for an in-the-wild exploit.