http://www.darkreading.com/vulnerability-management/167901026/security/attacks-breaches/231900575/more-exploits-for-sale-means-better-security.html

By Robert Lemos
Contributing Editor
Dark Reading
Oct 11, 2011

For a decade, security researchers have been able to earn money by selling the details of significant vulnerabilities to bounty programs: first to the Vulnerability Contributor Program launched by iDefense in 2002, and then to TippingPoint's Zero Day Initiative, which went live in 2005.

Extending the model, security research and testing firm NSS Labs launched ExploitHub, an app store model for the sale of code to exploit known vulnerabilities. Preapproved buyers can browse the store and pay anywhere from $50 to $1,000 for ready-to-use exploit code.

Yet the mix of attack code has been anemic. A look at ExploitHub shows that sellers are hawking code that attacks Oracle, Novell, and a handful of Windows vulnerabilities.

NSS Labs hopes to change that: Last week, the company introduced a voting system for buyers to specify vulnerabilities of interest, as well as a prize system that pays a bounty for posting code to exploit the flaws. The company plans to pay between $200 and $500 for working attacks that target specific vulnerabilities in Internet Explorer and Adobe Flash.

By providing exploits that are in greater demand, defenders are better served, says Rick Moy, CEO of NSS Labs.

[...]

Received on Wed Oct 12 2011 - 01:39:11 PDT