Who am I to disagree : I think the lack of quality only partially has to be accounted to the prices being paid for 0day, 0day in terms of bugs are rarely being presented at conferences. I think the security market has become crowded and noisy, press is jumping more and more on it security over the last 5 years and have not been helping to increase quality but sensationalism. See DNS bug vs. SNMPv3 bug. I also think that time is increasingly getting spare to prepare for such conferences (this implies research) for every researcher there are 5+n consultants. Anyways that's the reason I have not been at BH or Defcon this year - last year really sucked.
PS. The 100k price tag for an SSH 0day is too low by the way.
Update: virustotal-search.py Version 0.1.4 - This new version of virustotal-search.py accepts input from stdin. virustotal-search_V0_1_4.zip (https) MD5: 867D6272792965D11317BFB6308E20A9 SHA256: 8C033...
1 day ago