
Makes you wonder if they could have made more money by pretending to find them and reporting them to the respective bug bounty programs.


Bug bounties almost never pay market value for exploits. Only reason to participate in them is charity.


And legality. I'm not sure why people seem to entirely discount that portion. There's more reward by selling on the black market, but there's also more risk associated with that.


Yeah. Homeowners don't pay market value for me not robbing them, either. After all, think how much that jewellery is worth. And the damage of ID cards and passports.

A laptop alone could get me $250, but no one wants to give me even $10 for telling them their door is unlocked.


Most people only care about tangibles. When I politely advised about security holes, I was told that "we don't need people like you" or they just called the police. I understand.


They discount it because it's not true. Nothing illegal about looking for vulnerabilities in products and being compensated for your findings. It's only illegal to attack someone else's deployment.


What's illegal about selling them? Is there an anti-security-consulting-market legislation?

In general, what are some risks involved (I am just not very familiar and wondering in general)? Is it a tax issue, the chance the IRS could come after you for undeclared income?


Depending on jurisdiction and the particulars of the sale and who you sold it to, I think it's possible you could be charged as an accomplice if the exploit is used in a crime. For example, if you had any reason to believe the individual or organisation you sold it to might use it illegally, and someone singles you out after they do use it illegally, I don't think it would be hard for a prosecutor to make a case. I also don't think under those particular circumstances that's necessarily a bad thing. IANAL though.


Nothing, there are businesses doing it in the US paying taxes on their income.


> Only reason to participate in them is charity.

Maybe believing that it's good when fewer vulnerabilities exist and when attackers are less able to exploit things? Does that count as charity?


...noun: the voluntary giving of help to those in need.


Getting a CVE on your resume isn't bad either.

