[ISN] WabiSabiLabi could abandon vulnerability auction site

From: InfoSec News <alerts_at_private>
Date: Tue, 4 Nov 2008 00:16:53 -0600 (CST)

By Sumner Lemon
IDG news service
30 October 2008

Swiss security company, WabiSabiLabi could close its online marketplace 
for security vulnerabilities. The organisation is look to divert its 
attention to the OneShield unified threat management (UTM) appliances it 
developed with Italian defence company EuroTech.

Last year, WabiSabiLabi opened an online auction site for unpatched 
security vulnerabilities, also called 0days. The company's stated aim 
was to provide a market that would allow independent security 
researchers to earn a living from the vulnerabilities they discover. To 
prevent vulnerabilities from ending up in the hands of criminals, only 
qualified buyers are permitted to use the WabiSabiLabi auction site.

While security companies routinely pay researchers for vulnerabilities 
and then keep this information under wraps, some believe researchers 
should first disclose such vulnerabilities to vendors free and, when a 
patch is released, make details of the vulnerability publicly available, 
a practice known in the security community as ethical disclosure.

In the end, security researchers recognised the value of having an 
auction site like WabiSabiLabi, but very few buyers proved willing to 
use the site, said Roberto Preatoni, an Italian security consultant and 
WabiSabiLabi's director of strategy.

"It didn't work very well. The marketplace was too far ahead of its 
time," he said, adding that a final decision on the fate of the 
marketplace has yet to be reached.


Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
Received on Mon Nov 03 2008 - 22:16:53 PST

This archive was generated by hypermail 2.2.0 : Mon Nov 03 2008 - 22:24:00 PST