July 29, 2016

Ari Schwartz discusses zero-day markets with FedScoop

1 min

Venable managing director of cybersecurity services Ari Schwartz was quoted in a July 29, 2016 FedScoop article on zero-day markets, a business focused on the indiscriminate selling of undisclosed security flaws. The markets exist in a legal grey zone and a recent research paper recommended five ways to mitigate existing regulatory and security concerns. One recommendation was for the federal government to minimize its participation in the markets despite being one of their bigger customers.

"The economics of the zero-day market are not good for security. Period. If we mess with that a little bit and the market changes to some degree then that may not be for the worse," said Schwartz. He recommended that government find vulnerabilities themselves and disclose them to companies. "I think that would really weaken the market for zero-days even more," he said. "Our government has the ability to find their own [zero-days], so I think they probably won’t purchase as many in the future."