Software vulnerabilities marketplace gains ground

In just two months, the IT security vulnerabilities web marketplace launched by Swiss WabiSabiLabi has had more than 150 security flaws submitted.

The organisation says it has already handled 29 web app vulnerabilities, 19 for Linux, 51 for Windows, 10 for SAP – and the list goes on. IT security experts appear to have jumped at the opportunity to sell their research in a safe environment to a ready audience of vetted buyers wanting the latest IT security vulnerabilities. That is not surprising when prices paid range from EUR 100,000 to 15,000. The site has recorded 160,000 unique visitors, ranging from enterprises to government departments and software vendors in the IT security sector wanting to stay ahead of the game.

WSLabi CEO Herman Zampariolo says: “The number of researchers registering and submitting vulnerabilities as well as security companies and corporations registering to enable them to bid has radically exceeded our expectations. However, it is not just the quantity … but also the quality, with many critical vulnerabilities in enterprise software being submitted.”

However, he also makes the point that not all vulnerabilities make it onto the marketplace, saying that to date 40 flaws have been rejected, either because they were obtained illegally – and he cites reverse engineering on protected software – or because they were specific to a website. Buyers are also vetted. Zampariolo says that, of the applications WSLabi has received from potential buyers to access the marketplace, only two thirds have been accepted.