Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Software vulnerability auction website

  • 06-07-2007 5:43pm
    #1
    probe
    Closed Accounts Posts: 2,055 ✭✭✭


    Your chance to improve software security for your children and future generations. If you find a security flaw in a software product – don’t tell the vendor – sell it on www.wslabi.com – a Swiss “ebay” for software vulnerabilities, aimed at selling to the highest bidder. Make Microsoft and the rest of them pay for their screw-ups. Nothing like hitting companies in the bottom line to get them to improve product quality.

    .probe

    http://www.theregister.com/2007/07/06/security_flaw_marketplace/


Comments

  • #2
    _CreeD_
    Registered Users, Registered Users 2 Posts: 4,173 ✭✭✭_CreeD_


    :eek:

    Sure...Microsoft will pay....after the users have been through the mill.


  • #3
    NutJob
    Closed Accounts Posts: 884 ✭✭✭NutJob


    A little harsh selling a flaw at least give them a few months to fix it or not.

    Not all companies are the evil empire


  • #4
    scojones
    Closed Accounts Posts: 7,230 ✭✭✭scojones


    NutJob wrote:
    A little harsh selling a flaw at least give them a few months to fix it or not.

    Not all companies are the evil empire

    This sort of carry on causes small companies to go under. It's just giving the big companies like Microsoft an edge tbh. This is far from ethical.


  • #5
    ecksor
    Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Surely this is just a agency service between vulnerability researchers and the likes of iDefense rather than being for the purposes of holding large vendors to ransom. Mind you, I guess there's nothing to stop them from bidding but I suspect that this information is of more value to the companies that sell "security intelligence" services that this information forms the basis of.

    Vulnerabilities in the products of small companies tend not to be in huge demand (the companies who actively purchase such information tend to keep lists of vendors they are interested in and it reflects the purchasing policies of their clients).


  • #6
    Capt'n Midnight
    Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,857 Mod ✭✭✭✭Capt'n Midnight


    There is also nothing stopping you buying a vulnerability and patenting the fix for it. You don't actually have to develop a fix just patent the concept of a fix for that vulnerability. If a third party develops a fix independently you can charge them whatever you want or legally prevent then deploying their fix.


  • Advertisement
Advertisement