Companies such as 3Com's TippingPoint division and VeriSign's iDefense Labs have offered cash for this type of research before, but..
Now a Swiss security firm called WabiSabiLabi has opened a web marketplace for zero-day security vulnerabilities.
According to Herman Zampariolo, CEO of WSLabi, We decided to set up this portal for selling security research because although there are many researchers out there who discover vulnerabilities very few of them are able or willing to report it to the right people due to the fear of being exploited. Recently it was reported that although researchers had analyzed a little more than 7,000 publicly disclosed vulnerabilities last year, the number of new vulnerabilities found in code could be as high as 139,362 per year. Our intention is that the marketplace facility on WSLabi will enable security researchers to get a fair price for their findings and ensure that they will no longer be forced to give them away for free or sell them to cyber-criminals.
Researchers can submit their findings to the exchange once they have registered. WSLabi will then verify the research by analyzing and replicating it at their independent testing laboratories. They will eventually then package the findings with a Proof of Concept; this can then be sold to the marketplace via three methods from the marketplace platform:
- Starting an auction, predefined starting price
- Selling to as many buyers as possible at a fixed price
- Selling it exclusively to one buyer
0 comments:
Post a Comment