Who am I to disagree : I think the lack of quality only partially has to be accounted to the prices being paid for 0day, 0day in terms of bugs are rarely being presented at conferences. I think the security market has become crowded and noisy, press is jumping more and more on it security over the last 5 years and have not been helping to increase quality but sensationalism. See DNS bug vs. SNMPv3 bug. I also think that time is increasingly getting spare to prepare for such conferences (this implies research) for every researcher there are 5+n consultants. Anyways that's the reason I have not been at BH or Defcon this year - last year really sucked.
PS. The 100k price tag for an SSH 0day is too low by the way.
Quickpost: Enhancing Radare2 Disassembly Listing - I threw a program together to add information to Radare2 disassembly listings: radare2-listing.py. I’m putting it in beta, because I hope there is another ...
59 minutes ago