Forwarded from: security curmudgeon <jericho (at) attrition.org> The one big unanswered question: : Vulnerability auction launches online : Published: 2007-07-06 : : http://www.securityfocus.com/brief/542?ref=rss : : A group of security professionals launched this week what they hope will : become the eBay of security research. : : The Swiss-registered company, WSLabi, boasts that its online portal will : allow researchers to sell vulnerabilities they have discovered to : software companies and other interested parties through an open market. : WSLabi plans to verify the identities and claims of both the buyer and : seller. Already, four software flaws -- including a Linux memory leak : and a flaw in Yahoo! Messenger 8.1 -- are listed on the site and more : than 200 people have registered, according to the firm. http://www.wslabi.com/wabisabilabi/faq.do? Q: What guarantees will you give me about the reliability of the security researches listed on the market place? A: Full guarantee. Every piece of security research is carefully analyzed and replicated in our own laboratories and eventually implemented with our own complementary research material before being placed on the market place. http://www.wslabi.com/wabisabilabi/about.do? WSLabi is also a full service provider of security intelligence to corporations, governments and international organizations. -- Add these up and you have a company that gets full information on the vulnerabilities, and potentially shares it with their clients and/or the government(s), profiting heavily while "only acting as mediators" in the marketplace. _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Mon Jul 09 2007 - 01:48:27 PDT