Friday, July 13, 2007

Site Plans to Sell Hacks to Highest Bidder

Washington Post

A Swiss Internet start-up is raising the ire and eyebrows of the computer security community with the launch of an online auction house where software vulnerabilities are sold to the highest bidder.

The founders of WabiSabiLabi.com (pronounced wobby-sobby-lobby) say they hope the service presents a legitimate alternative for security researchers who might otherwise be tempted to sell their discoveries to criminals.

Several established vulnerability management companies already purchase information about software flaws from researchers, yet the terms of those deals are private and generally set by the companies. Letting all interested parties bid on security vulnerabilities in an "eBay"-style auction assures that researchers receive the fair market value for the work they do in finding the flaws, said Herman Zampariolo, WabiSabiLabi's chief executive.

"Without an open marketplace, it is impossible to know just how much this intellectual property is worth, and while the free market is not the most perfect way to discover that, it's a good proxy," Zampariolo said. "Sure, lots of companies are setting figures for what they think vulnerabilities are worth, but a majority of researchers are getting far less than what their information is worth, and that's scandalous."...

No comments: