Who am I to disagree : I think the lack of quality only partially has to be accounted to the prices being paid for 0day, 0day in terms of bugs are rarely being presented at conferences. I think the security market has become crowded and noisy, press is jumping more and more on it security over the last 5 years and have not been helping to increase quality but sensationalism. See DNS bug vs. SNMPv3 bug. I also think that time is increasingly getting spare to prepare for such conferences (this implies research) for every researcher there are 5+n consultants. Anyways that's the reason I have not been at BH or Defcon this year - last year really sucked.
PS. The 100k price tag for an SSH 0day is too low by the way.
UK Man Gets Two Years in Jail for Running ‘Titanium Stresser’ Attack-for-Hire Service - A 20-year-old man from the United Kingdom was sentenced to two years in prison today after admitting to operating and selling access to "Titanium Stresser,...
1 hour ago