An eBay-style marketplace where researchers and vendors can buy security vulnerabilities has been launched. Run by a Swiss research lab, WSLabi aims to allow security researchers to get a fairer deal for their research. All research will be vetted before a sale can be made, and users will also be checked to ensure criminals do not buy exploits or sell illegally obtained attacks, according to the company.
Once findings have been verified, they will be packaged with proof-of-concept code before being sold via an auction format. Herman Zampariolo, CEO of WSLabi, said: "Recently it was reported that although researchers had analysed more than 7,000 publicly disclosed vulnerabilities last year, the number of new vulnerabilities found in code could be as high as 139,362 per year. Our intention is that the marketplace facility will help security researchers to get a fair price for their findings and ensure that they will no longer be forced to give them away for free or sell to cyber criminals."
Although many vendors try to gain an edge by buying security flaw data from independent researchers, the auction site marks a new level of transparency in this potentially murky market. Payments are known to vary widely, but the maximum is thought to be around £5,000. Selling the same information on the black market is likely to generate more, albeit illegal, revenue.