‘WSLabi’ should provide researchers with a chance to obtain the correct value for their findings through its global marketplace. The website’s developers claim it will eventually become a database of every piece of IT security research ever done.
Herman Zampariolo, CEO of WSLabi, said:
“We decided to set up this portal for selling security research because although there are many researchers out there who discover vulnerabilities very few of them are able or willing to report it to the ‘right’ people due to the fear of being exploited.”
He continued, “Recently it was reported that although researchers had analysed a little more than 7,000 publicly disclosed vulnerabilities last year, the number of new vulnerabilities found in code could be as high as 139,362 per year. Our intention is that the marketplace facility on WSLabi will enable security researchers to get a fair price for their findings and ensure that they will no longer be forced to give them away for free or sell them to cyber-criminals.”
Researchers can submit their findings to the exchange once they have registered, and WSLabi will verify the research by analysing and replicating it at their testing laboratories.
Eventually they will package the findings with a ‘Proof of Concept’, which can then be sold by starting an auction, selling at a fixed price to several people or selling it exclusively to one buyer.
Roberto Preatoni, WSLabi’s Strategic Director said:
“Before we have even launched the marketplace there are already three new vulnerabilities available from security researchers. The vulnerability research is associated with Linux, Yahoo! Messenger client and SquirrelMail. This shows that this venture is filling a gap within the security research market, a place where security researchers are confident that they will get the right value for their findings”.
The marketplace will be free to use for the first six months for both researchers and buyers and all users can operate under a nickname.