Cyber: Ignore the Penetration Testers
the grugq

An interesting article; however, I would like to point out a major flaw in the cost calculation:

The problem with the cost calculation is that you are using a USA free-market salary, which might be accurate for NSA hackers or private intelligence firms located in the USA. However, many of the APT teams are located in far less developed countries, and many are employed by the local government's army. I am not sure how much the Chinese army pays for a (soldier) exploit writer, but presuming it is not far different from any other soldier, a good estimate of salary would be around 6000 USD a year [1] (the numbers for the Russian army are similar [2]).
So that 2,000,000$ quickly shrinks to around 100,000$, and if you consider the fact that the same team will probably attack more than one target, the actual hack cost per target gets even lower.

[1] Chinese army salary

