Putting new vulnerabilities up for auction?

  • TheCotMan
    *****Retired *****
    • May 2004
    • 8857

    #1

    Putting new vulnerabilities up for auction?

    Story: Auction site for new vulnerabilities:
    Thoughts on the concept?
  • Dark Tangent
    The Dark Tangent
    • Sep 2001
    • 2732

    #2
    Re: Putting new vulnerabilities up for auction?

    This is an old idea.. I remember having a talk with someone about 4 years ago who was ready to roll out 'ZeroBay.com' and then thought better of it.

    Now it is a different environment.. It might be hard to verify the exploits, but with enough people and equipment you could do just that and act as a trusted third party.
    PGP Key: https://defcon.org/html/links/dtangent.html


    • DaKahuna
      Dirty Ol' Man
      • Apr 2006
      • 664

      #3
      Re: Putting new vulnerabilities up for auction?

      Originally posted by Dark Tangent
      This is an old idea.. I remember having a talk with someone about 4 years ago who was ready to roll out 'ZeroBay.com' and then thought better of it.

      Now it is a different environment.. It might be hard to verify the exploits, but with enough people and equipment you could do just that and act as a trusted third party.
      I agree but I don't see what is in it for the guys doing the validation other than they have free access to the 0-days put up for sale.
      DaKahuna
      ___________________
      Will Hack for Bandwidth


      • renderman
        Notorious Canadian Hacker
        • Mar 2003
        • 1428

        #4
        Re: Putting new vulnerabilities up for auction?

        I'm still old school in my thinking I guess when I say that I'll always follow full disclosure and release everything for free to the community at large.

        The financial incentive might be there but the moral imperative trumps that (in me anyways, but I'm probably just weird)
        Never drink anything larger than your head!






        • erehwon
          nowhere
          • Dec 2001
          • 425

          #5
          Re: Putting new vulnerabilities up for auction?

          Originally posted by DaKahuna
          I agree but I don't see what is in it for the guys doing the validation other than they have free access to the 0-days put up for sale.
          Nowhere on the site does it mention how much the house makes for being the intermediary for these auctions, but there is an extremely telling statement from the WSLabi Services page...

          WSLabi is also a full service provider of security intelligence to corporations, governments and international organizations.


          It's hard to auction exploits as exclusive if the DSD and NSA/CSS have seen them first.
          Nonnumquam cupido magnas partes Interretis vincendi me corripit


          • DaKahuna
            Dirty Ol' Man
            • Apr 2006
            • 664

            #6
            Re: Putting new vulnerabilities up for auction?

            Originally posted by erehwon
            WSLabi is also a full service provider of security intelligence to corporations, governments and international organizations.

            It's hard to auction exploits as exclusive if the DSD and NSA/CSS have seen them first.
            Exactly - how better to market your security services than to have a steady supply of 0-days.

            I am with Render though - full and open disclosure is the moral, ethical thing to do.
            DaKahuna
            ___________________
            Will Hack for Bandwidth


            • theprez98
              SpoonfeederExtraordinaire
              • Jan 2005
              • 1507

              #7
              Re: Putting new vulnerabilities up for auction?

              Sadly, if there is a way to make a dollar, someone will exploit it...regardless of morality. I think I made this exact statement a few weeks ago in regards to something else.
              "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
