Finally a Marketplace Site for Security Research
04/07/2007 Written by Zone-H
A revolution in the way security research is handled and reported has occurred! WSLabi (http://www.wslabi.com), a neutral vendor independent Swiss laboratory, has launched a new international security research exchange.
This exchange will create a portal where researchers, security vendors and software companies can interact in an open market to enable researchers to obtain the correct value for their findings. The exchange will become a global database of every piece of IT security research ever found.
According to Herman Zampariolo, CEO of WSLabi, “We decided to set up this portal for selling security research because although there are many researchers out there who discover vulnerabilities very few of them are able or willing to report it to the ‘right’ people due to the fear of being exploited. Recently it was reported that although researchers had analyzed a little more than 7,000 publicly disclosed vulnerabilities last year, the number of new vulnerabilities found in code could be as high as 139,362 per year.
Our intention is that the marketplace facility on WSLabi will enable security researchers to get a fair price for their findings and ensure that they will no longer be forced to give them away for free or sell them to cyber-criminals.”
Researchers can submit their findings to the exchange once they have registered. WSLabi will then verify the research by analyzing and replicating it at their independent testing laboratories.
They will then eventually package the findings with a Proof of Concept, which can be sold to the marketplace from the marketplace platform via three methods:
• Starting an auction with a predefined starting price
• Selling to as many buyers as possible at a fixed price
• Selling it exclusively to one buyer
WSLabi will also help researchers to design the best business model (e.g. selling schemes, starting selling price etc.) which will enable them to maximize the value of their findings. For example, a piece of research that would currently sell to one company on an exclusive basis for $300 — $1000 could sell for ten to twenty times more than this amount using the portal.
Roberto Preatoni, WSLabi’s Strategic Director, comments “Before we have even launched the marketplace there are already three new vulnerabilities available from security researchers. The vulnerability research is associated with Linux, Yahoo! Messenger client and SquirrelMail. This shows that this venture is filling a gap within the security research market, a place where security researchers are confident that they will get the right value for their findings”.
Both researchers and buyers will have to identify themselves to WSLabi to ensure they are legitimate. Researchers cannot submit security research material which comes from an illegal source or activity. Buyers will also be carefully vetted before being granted access to the auction platform so that the risk of selling the ‘right stuff’ to the wrong people is minimized. The marketplace will be free to use for the first six months for both researchers and buyers.
Even though all parties will have to identify themselves to WSLabi, no personal information will ever be disclosed or held in the public domain. Each buyer and seller will have a nickname that they will trade under. The personal data along with the full details of the vulnerabilities will not be kept on the website database but will be held on a separate and secure system. The auction site will only show the nicknames of the seller along with an overview of the vulnerability. To obtain full details the purchaser will have to purchase the research.
About WSLabi (www.wslabi.com)
WSLabi, a Swiss marketplace and Lab for Security Research Exchange, has been founded by a group of security professionals who were unsatisfied by the way zero-day research is handled and security researchers are rewarded. The company will facilitate the sale and purchase of security research by providing a secure market environment to maximize the security researcher’s reward.
For more information or interviews contact:
Eskenzi PR Ltd.
+44 (0)20 7183 2834