Internet auction for security holes

Many hackers find security bugs and backdoors that allow them to penetrate Windows software – those security researchers who find security flaws now are offering their findings on Internet auctions.

They sell information about security issues to the highest bidder on an online auction house, that has been created to help security researchers and companies to find solutions working together.

The online auction house just launched aims to close the gap between the huge number of existing loopholes in common software and the number of bugs being investigated by software companies.

Companies now want to reward security researchers that provide information about flaws to prevent falling it in to the hands of cybercriminals.

Among security specialists there is known that numerous crackers rely on undocumented loopholes in popular Windows software to gain unauthorised access to the PCs of private users. They often do their research at home and sell information about securiy bugs for significant sums of money.

Organised cybercriminals are more into using their findings for their own ends than to sell them to others. They often use security holes to steal sensitive information or hijack computers and are not very interested in sharing their knowledge with others.

The online auction house WabiSabiLabi (www.wslabi.com), aims to staunch the flow of vulnerabilities to the underground by giving hackers and security researchers a legitimate marketplace for what they find.

"Our intention is that the marketplace facility on WSLabi will enable security researchers to get a fair price for their findings and ensure that they will no longer be forced to give them away for free or sell them to cyber-criminals," said Herman Zampariolo, head of the auction site.