Friday, July 6, 2007

Marketplace or extortion?

I recently read about WabiSabiLabi, where exploits are for sale to the highest bidder. At the moment, you can bid on security exploits in Linux, Yahoo Messenger and a couple of web applications. Here's a link to the article on c|net.

Owners of the site insist that it ensures researchers are funded and compensated for their efforts, and liken it to funding the fire department so they know how to put out a fire.

Opponents argue that this doesn't improve the current private, back-alley transactions -- it just puts them front-and-center.

Marketplace or extortion? Your thoughts?

1 comment:

Anonymous said...

Marketplace!!!! This is the world of the internet where anything goes. Until they can federally mandate and regulate content on the internet, nothing like this will ever be stopped.

The flip side is, why are we not employing more "penetration analysts" with networks and software applications as main targets to find these exploits before any hacker group does? I have a friend who reverse engineers patches from Microsoft on patch Tuesday, walks them into the NSA (with his top secret clearance) and gives our government 3 or 4 days to use the exploits against other countries until they (the other big blue) figure out how to fix them. Interesting huh.... These people who oppose them, could they possibly fear the unknown? Or do they even know what they are opposing? JRS