On 10/15/18, Ryan Carboni <ryacko@gmail.com> wrote:
Many Zerodium prices have increased by ten thousand last month. Decrementing public Project Zero bug index IDs reveals that for this year, there has been an average of ten bugs per month.
Project Zero has revealed itself. The price for hacking should be $100,000 for servers, and $10,000 for SOHO.
Even at $1k each, would need a much bigger pot to find all the bugs. Automation is helping a lot.
Although I have only one complaint: Project Zero hasn’t examined busybox or toybox, as far as I can tell.
Or the crunchgen (ie: /rescue, etc) system of at least FreeBSD, which is full, unlike busybox / toybox somewhat reduced functionality versions, and implemented before busybox first release. https://www.freebsd.org/cgi/man.cgi?query=crunchgen https://cvsweb.openbsd.org/src/share/misc/license.template?rev=HEAD https://landley.net/toybox/license.html https://landley.net/toybox/about.html https://www.freebsd.org/cgi/man.cgi?query=build