Feeds

Security 'exchange' could hit costs

Swiss security lab opens secrets 'market'

Providing a secure and efficient Helpdesk

Software development costs could be increased by a new approach to security research. Swiss software security specialist WSLabi says the results of security research are falling into the wrong hands and has launched an online 'secrets' exchange to solve the problem.

Herman Zampariolo, CEO of WSLabi, said: "The world is creating an incredible amount of software and firmware and a lot of it is not secure. We decided to set up an exchange portal to sell security research to ensure researchers get properly rewarded for their work and, at the same time, hackers can't easily get hold of it."

He told Register Developer that WSLabi has evidence that security researchers in Russia and China often sell the results of their research to criminal elements who use them to exploit so-called zero-day vulnerabilities - holes in newly-released software that have not been spotted and patched.

Under the principle of ethical disclosure, security researchers are theoretically obliged to pass on their findings to software developers. But Zampariolo argues that the research is in fact intellectual property and there should be mechanisms to protect it and sell it at market value.

"The number of new vulnerabilities found in developed code could, according to IBM, be as high as 140,000 per year. The marketplace facility on WSLabi will enable security researchers to get a fair price for their findings and ensure that they will no longer be forced to give them away for free or sell them to cyber-criminals," Zampariolo explains.

WSLabi will vet any research results it receives before making them available through its exchange portal. It will advise researchers on the best way to distribute their result to maximise their income and it will only sell research on to genuine, authenticated software and firmware developers.

WSLabi will, of course, charge fees to researchers and purchasers to cover its costs. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Microsoft on the Threshold of a new name for Windows next week
Rebranded OS reportedly set to be flung open by Redmond
Business is back, baby! Hasta la VISTA, Win 8... Oh, yeah, Windows 9
Forget touchscreen millennials, Microsoft goes for mouse crowd
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple: SO sorry for the iOS 8.0.1 UPDATE BUNGLE HORROR
Apple kills 'upgrade'. Hey, Microsoft. You sure you want to be like these guys?
ARM gives Internet of Things a piece of its mind – the Cortex-M7
32-bit core packs some DSP for VIP IoT CPU LOL
Lotus Notes inventor Ozzie invents app to talk to people on your phone
Imagine that. Startup floats with voice collab app for Win iPhone
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.