http://www.techworld.com/security/news/index.cfm?newsID=106294 By Sumner Lemon IDG news service 30 October 2008 Swiss security company, WabiSabiLabi could close its online marketplace for security vulnerabilities. The organisation is look to divert its attention to the OneShield unified threat management (UTM) appliances it developed with Italian defence company EuroTech. Last year, WabiSabiLabi opened an online auction site for unpatched security vulnerabilities, also called 0days. The company's stated aim was to provide a market that would allow independent security researchers to earn a living from the vulnerabilities they discover. To prevent vulnerabilities from ending up in the hands of criminals, only qualified buyers are permitted to use the WabiSabiLabi auction site. While security companies routinely pay researchers for vulnerabilities and then keep this information under wraps, some believe researchers should first disclose such vulnerabilities to vendors free and, when a patch is released, make details of the vulnerability publicly available, a practice known in the security community as ethical disclosure. In the end, security researchers recognised the value of having an auction site like WabiSabiLabi, but very few buyers proved willing to use the site, said Roberto Preatoni, an Italian security consultant and WabiSabiLabi's director of strategy. "It didn't work very well. The marketplace was too far ahead of its time," he said, adding that a final decision on the fate of the marketplace has yet to be reached. [...] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.orgReceived on Mon Nov 03 2008 - 22:16:53 PST
This archive was generated by hypermail 2.2.0 : Mon Nov 03 2008 - 22:24:00 PST