An interesting concept…
An eBay-like online auction has been set up to enable security researchers (/hackers/coders/testers) to auction the defects they find to the highest bidder. By providing an incentive to the researchers, the providers hope to prevent bugs getting into the wrong hands (Russian crime syndicates and the like).
There is a proven market for vulnerabilities, as shown by the Russian hackers selling the Windows WMF vulnerability for $3-5000 a pop. The vulnerability was closed by Microsoft shortly after it was revealed that the details were being sold. The auction house is called WabiSabiLabi. They state that “Our intention is that the marketplace facility on WSLabi will enable researchers to get a fair price for their findings and ensure that they will no longer be forced to give them away for free or sell them to cyber-criminals”.
I have to say (and this is only my opinion), I struggle to see this as being a method of responsible disclosure. To sell to the highest bidder shows no morality or true desire to be helping the vendors. It looks like a pretty good way for blackhats to make a few bucks and for the criminals to have an easy and reliable source of exploits.
An interesting concept and one which plenty of security professionals will probably be keeping an eye on one way or another.











