Every security professional should be keeping an eye on the developing market in security vulnerabilities. For some time, security vendors such as iDefense and TippingPoint have been offering thousands of dollars in exchange for new security vulnerabilities. And this week saw a new development in this market with the launch by WabiSabiLabi of a new eBay-style service for trading security vulnerabilities.
It’s a fascinating, disturbing but inevitable concept, which underlines both the increasing value of security research and the growing ease with which potentially dangerous, cutting-edge know-how can be obtained. Such services are a step forward if buyers are adequately screened and management can properly safeguard the highly sensitive information they are likely to attract. But the easy access to such information can also present an increased risk. So let’s hope the company is geared up to manage this service securely. WabiSabiLabi claims to be “vendor neutral” and it certainly has an international flavour with a Swiss base and a Japanese-derived name.
One thing is clear. The stakes in this market are getting higher with growing business and citizen dependence on technology. The trading price of a new security vulnerability reflects this. In fact, it’s a powerful new security metric that reflects the real value of information security in today’s world.