Thursday, July 12, 2007

Zero vulnerabilities goes on auction at WSLabi

I was directed to WSLabi, or WabiSabiLabi.com (pronounced wobby-sobby-lobby), by Brian Krebs on Computer Security (Security Fix blog) at the Washington Post. In addition to the blog post, he has also written an article, "Site Plans to Sell Hacks to Highest Bidder". Yes, alarming! But maybe we should hold our horses a while: it is born out of the idea of helping out the security researchers who do all the work of discovering these vulnerabilities.
From the WSLabi news release:
"A revolution in the way security research is handled and reported has occurred! WSLabi (www.wslabi.com), a neutral vendor independent Swiss laboratory, has launched a new international security research exchange. This exchange will create a portal where researchers, security vendors and software companies can interact in an open market to enable researchers to obtain the correct value for their findings. The exchange will become a global database of every IT security research ever found.

According to Herman Zampariolo, CEO of WSLabi, We decided to set up this portal for selling security research because although there are many researchers out there who discover vulnerabilities very few of them are able or willing to report it to the right people due to the fear of being exploited. Recently it was reported that although researchers had analyzed a little more than 7,000 publicly disclosed vulnerabilities last year, the number of new vulnerabilities found in code could be as high as 139,362 per year. Our intention is that the marketplace facility on WSLabi will enable security researchers to get a fair price for their findings and ensure that they will no longer be forced to give them away for free or sell them to cyber-criminals."
