Feeds

Security 'exchange' could hit costs

Swiss security lab opens secrets 'market'

Providing a secure and efficient Helpdesk

Software development costs could be increased by a new approach to security research. Swiss software security specialist WSLabi says the results of security research are falling into the wrong hands and has launched an online 'secrets' exchange to solve the problem.

Herman Zampariolo, CEO of WSLabi, said: "The world is creating an incredible amount of software and firmware and a lot of it is not secure. We decided to set up an exchange portal to sell security research to ensure researchers get properly rewarded for their work and, at the same time, hackers can't easily get hold of it."

He told Register Developer that WSLabi has evidence that security researchers in Russia and China often sell the results of their research to criminal elements who use them to exploit so-called zero-day vulnerabilities - holes in newly-released software that have not been spotted and patched.

Under the principle of ethical disclosure, security researchers are theoretically obliged to pass on their findings to software developers. But Zampariolo argues that the research is in fact intellectual property and there should be mechanisms to protect it and sell it at market value.

"The number of new vulnerabilities found in developed code could, according to IBM, be as high as 140,000 per year. The marketplace facility on WSLabi will enable security researchers to get a fair price for their findings and ensure that they will no longer be forced to give them away for free or sell them to cyber-criminals," Zampariolo explains.

WSLabi will vet any research results it receives before making them available through its exchange portal. It will advise researchers on the best way to distribute their result to maximise their income and it will only sell research on to genuine, authenticated software and firmware developers.

WSLabi will, of course, charge fees to researchers and purchasers to cover its costs. ®

Internet Security Threat Report 2014

More from The Register

next story
UNIX greybeards threaten Debian fork over systemd plan
'Veteran Unix Admins' fear desktop emphasis is betraying open source
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
Redmond top man Satya Nadella: 'Microsoft LOVES Linux'
Open-source 'love' fairly runneth over at cloud event
Google+ goes TITSUP. But WHO knew? How long? Anyone ... Hello ...
Wobbly Gmail, Contacts, Calendar on the other hand ...
Chrome 38's new HTML tag support makes fatties FIT and SKINNIER
First browser to protect networks' bandwith using official spec
Admins! Never mind POODLE, there're NEW OpenSSL bugs to splat
Four new patches for open-source crypto libraries
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.