
WSLabi elaborates on the market for network security intellectual property

WabiSabiLabi : 14 September, 2007  (Technical Article)
WSLabi discusses whether independent vulnerability analysts can make a difference in countering the increasing threats of new software exposures.
Is the black security market a myth or reality? Should independent security vulnerability researchers be paid for their research? Roberto Preatoni, WabiSabiLabi's (WSLabi) Strategic Director, will address these questions and many others in his keynote presentation, "WabiSabiLabi - The Exploit Marketplace", at the Hack in The Box Security Conference 2007, Asia's largest network security conference, in Kuala Lumpur this month.

WSLabi is the new online auction space where buyers and sellers of software vulnerabilities can conduct deals confidentially. In the two months since it was established, it has already attracted a thousand registered users to its website, showing a very hot market for researchers wishing to sell their intellectual property to buyers keen to acquire the vulnerabilities.

Roberto Preatoni will offer the audience a rare chance to hear first hand from WSLabi about its philosophy, business model and milestones achieved, as well as the challenges the project will overcome in the future. Roberto will also discuss:

* The history of research in the security field.
* The origins of WabiSabiLabi.
* Previous status of the security market, with security researchers' work being exploited for free.
* The black security market: a myth or reality?
* The traditional security vendor business model vs. the WabiSabiLabi model.
* Why an auction space is ethical, and whether the major criticisms have any ground.
* Legal aspects of a security marketplace: the results of one year of legal investigations.
* The economic models: auction, Dutch auction, exclusive sale.
* The big dilemma: to disclose or not to disclose.
* Why the data is held securely.
* How the security research for sale is validated.
* How the buyers are vetted before they can bid.

Roberto Preatoni comments, "The IT security market is totally based on finding vulnerabilities, but the industry doesn't properly value independent researchers. They're told that to be ethical, they must disclose their findings for free. It's like blackmail. We believe they should be able to profit from their work."

Roberto continues, "It was reported recently that although researchers had analyzed a little more than 7,000 publicly disclosed vulnerabilities last year, the number of new vulnerabilities found in code could be over 139,000 per year. This shows that without an open marketplace, it is impossible to know just how much this intellectual property is worth and what risk it poses. Whilst the free market is not the most perfect way to discover risks and values, it's a good proxy. Sure, lots of companies have been setting figures for what they think vulnerabilities are worth, but the majority of researchers have been getting far less than what their information is worth, and that's scandalous; hence WSLabi has set out to change this."