Security 'exchange' could hit costs
Swiss security lab opens secrets 'market'
Software development costs could be increased by a new approach to security research. Swiss software security specialist WSLabi says the results of security research are falling into the wrong hands and has launched an online 'secrets' exchange to solve the problem.
Herman Zampariolo, CEO of WSLabi, said: "The world is creating an incredible amount of software and firmware and a lot of it is not secure. We decided to set up an exchange portal to sell security research to ensure researchers get properly rewarded for their work and, at the same time, hackers can't easily get hold of it."
He told Register Developer that WSLabi has evidence that security researchers in Russia and China often sell the results of their research to criminal elements who use them to exploit so-called zero-day vulnerabilities - holes in newly-released software that have not been spotted and patched.
Under the principle of ethical disclosure, security researchers are theoretically obliged to pass on their findings to software developers. But Zampariolo argues that the research is in fact intellectual property and there should be mechanisms to protect it and sell it at market value.
"The number of new vulnerabilities found in developed code could, according to IBM, be as high as 140,000 per year. The marketplace facility on WSLabi will enable security researchers to get a fair price for their findings and ensure that they will no longer be forced to give them away for free or sell them to cyber-criminals," Zampariolo explains.
WSLabi will vet any research results it receives before making them available through its exchange portal. It will advise researchers on the best way to distribute their result to maximise their income and it will only sell research on to genuine, authenticated software and firmware developers.
WSLabi will, of course, charge fees to researchers and purchasers to cover its costs. ®
market in bugs
Finally - a mechanisim to properly price the value/cost of software bugs - for too long microsoft and others have got away with fobbing us off with poor "good enough" software - bugs that have cost the community at large huge bucks in workarounds or patching or intrusions - it'll beinteresting to see if the SW vendors are willing to bid against the bad guys to buy back their own bugs.
Of course they sell them. And I'll bet some of the sploits come from government researchers. Who probably figure that a) it's money in the coffers and b) as long as the crooks don't attack their citizens, it's an addition to the GNP.
BilderBerger Mountain View ..... or just an Alien perspective.
Crikey, a Wannabe SAP for Real Live Spies/ESPecial AIgents.
Whenever WSLabi get around to Investing in their own Virtuous Circle of Code Crackers/0dDay Enterpreneurs, just let us know 42 Register ITs Interest.
It is typically Swiss though...the premise and methodology. Very PCRC.
And much more Dan Dare and Flash Gordon than James Bond and Goldfinger although you can be assured that Pussy Galore will always Star in her leading/lead me on Roles......... IT makes the Game worth Playing, [and especially so whenever you dDare 42 Win Win having Properly Planned and Prepared to Prevent Piss Poor Performance. A targetted Aim will always then strike the Bulls-eye and Realise Gold. ........ which is right up the Gnomes of Zurich street.
Parse that right and its an Opportunity ...... parse IT badly and it reveals the Vulnerability in being Servered with dodgy Analysis...... ie IT being parsed as an Opportunity by Others....... which will always be the Dilemma in such Enigmas for those who are Vulnerable rather than Opportune.