Insecurity experts flog vulnerabilities

HACKERS WHO discover a flaw in software are flogging them on a new auction site.

WabiSabiLabi says it wants to change the back-room market for security vulnerabilities and move it into the mainstream. An insecurity expert who finds a flaw can sell it on WSLabi's marketplace auction site here.

WSLabi, which says it is a "neutral, vendor-independent Swiss laboratory," checks out the vulnerabilities and verifies their validity before allowing them to be flogged.

On WabiSabiLabi today is a Linux kernel memory leak vulnerability which you can buy for 500 euros.

According to the site the current "ethical disclosure" policy followed by insecurity researchers is costing them cash. It is being used by vendors and security providers in order to exploit their efforts for free. WabiSabiLabi is reported on Dark Reading as saying it is giving cash back to the security industry.

More here. µ