By Sumner Lemon
IDG news service
30 October 2008
Swiss security company, WabiSabiLabi could close its online marketplace
for security vulnerabilities. The organisation is look to divert its
attention to the OneShield unified threat management (UTM) appliances it
developed with Italian defence company EuroTech.
Last year, WabiSabiLabi opened an online auction site for unpatched
security vulnerabilities, also called 0days. The company's stated aim
was to provide a market that would allow independent security
researchers to earn a living from the vulnerabilities they discover. To
prevent vulnerabilities from ending up in the hands of criminals, only
qualified buyers are permitted to use the WabiSabiLabi auction site.
While security companies routinely pay researchers for vulnerabilities
and then keep this information under wraps, some believe researchers
should first disclose such vulnerabilities to vendors free and, when a
patch is released, make details of the vulnerability publicly available,
a practice known in the security community as ethical disclosure.
In the end, security researchers recognised the value of having an
auction site like WabiSabiLabi, but very few buyers proved willing to
use the site, said Roberto Preatoni, an Italian security consultant and
WabiSabiLabi's director of strategy.
"It didn't work very well. The marketplace was too far ahead of its
time," he said, adding that a final decision on the fate of the
marketplace has yet to be reached.
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!