Psst. Want to buy a zero-day? A Swiss startup called WabiSabiLabi Ltd. has some for sale, but to qualified buyers only.
On Tuesday, the company launched a security vulnerability marketplace, where details on unpatched software flaws can be bought and sold. By Thursday, the site was offering details on four bugs in products such as the Linux kernel and Yahoo Messenger. No bids had yet been registered, and asking prices for the research ranged between $681 and $2724.
A zero-day (0day) vulnerability is a previously undisclosed bug that has not been fixed by the vendor.
WabiSabiLabi argues that the computer industry’s ethical disclosure policies have led to a raw deal for security researchers, who typically are not paid for disclosing vulnerabilities. “Nobody in the pharmaceutical industry is blackmailing researchers (or the companies that are financing the research), to force them to release the results for free under an ethical disclosure policy,” the WabiSabiLabi Web site states. Representatives from WabiSabiLabi could not immediately be reached for comment.
View Full Article: Computerworld