Slashdot regular Bennett Haselton has written in with his latest essay. He starts "WabiSabiLabi generated some controversy recently by announcing their eBay-like site for security researchers to sell security exploits to the highest bidder. But WabiSabiLabi didn't create the black-and-grey market for security exploits, they merely helped draw attention to it. There's nothing that companies like Microsoft can do about the black market where security exploits sell for tens of thousands of dollars, but there's one obvious thing they can do to help protect users: offer to buy up the security vulnerabilities themselves. If they did that, then the exploits would probably never make it onto a black-market auction in the first place, because the "white hat" researchers would have found them and reported them first. Thus I think WabiSabiLabi is doing the world a favor, by shining a spotlight on the black market that thrives when companies won't pay for security bug reports."









