You can earn money by uncovering vulnerabilities in a variety of ways.
You can inform the software or hardware manufacturer about the flaw. Many companies have a “Bug Bounty” programme where they reward those who find bugs. It’s the “White Hat” way of doing things. On the black market, you can sell the exploit. If you do this, your exploit will almost certainly be exploited for evil reasons, and you will almost certainly be held criminally accountable for any negative consequences. Such “black hat” purchasers, on the other hand, are prepared to pay top cash for exploits. You can sell the vulnerability to a company like Zerodium or a comparable one. These businesses are referred to as “grey hat.”
Zerodium has a long history of safeguarding their sources. The organisation offers a lucrative reward for high-risk vulnerabilities as well as fully functional and reliable exploits. For example, if you can hack a newer iPhone, you can absolutely sell the hack to Zerodium for a nice seven-figure price.
What happens to the vulnerabilities that Zerodium buys?
Zerodium picks and chooses who they resell vulnerabilities to. Governments and huge military businesses are their consumers, and they are able and ready to pay very high prices for such intelligence. Before disclosing the vulnerability to the end-user/customer, Zerodium’s internal team of researchers analyses, tests, secures, and documents it. Zero-day exploits are notorious for having a short shelf life. Vulnerabilities are eventually discovered and patched. However, those who are the first to notice the achievement will very certainly be able to cash in at Zerodium or similar services.
