WSLabi launches online auction site security vulnerability

A new online auction site called WSLabi is making a fairly new business: selling security exploits to those in need.

WSLabi said the motivation for them to carry out the business was because the rewarding form for successful researchers found that the vulnerability was no longer as fair as it used to be and was gradually broken.

Also according to WSLabi, the company hopes the new business model will help security savers not "give away" findings or sell them to criminals. WSLabi also hopes this form will help publicize more security holes.

In 2006 alone, more than 7,000 vulnerabilities were discovered, but studies show that only about 132,000 of these vulnerabilities are published, and thus the rest are kept private or used exclusively in cybercrime world.

Currently, the price of one vulnerability sold to software vendors (such as Microsoft) has an average price of US $ 300-1,000. However, WSLabi believes that this money will increase 10 to 20 times if auctioned off.

WSLabi will test each exploitation error in an independent lab and then issue it with demo code (proof of concept) so that researchers can bid or sell to one or more buyers at a price. permanent.

WSLabi will verify the origin of each buyer while pledging to ensure absolute confidentiality of user information. In addition, like eBay, users can use the nickname to register a bid on WSLabi's site.

There are currently three vulnerabilities auctioned on the WSLabi website, including Linux kernel memory overflow, Yahoo Messenger remote buffer overflow, and SQL injection errors in MKPortal.