The supermarket for unexploited bugs

On this week's Risky Business podcast, Patrick Gray explores the murky world of "bug shopping," a practice that is increasingly prevalent for software-as-a-service applications.

This week's Risky Business podcast is brought to you by Check Point Software and hosted, as always, by Vigabyte virtual hosting. Download it from:

In this week's show we speak to one of the pioneers of cash-for-vulnerability business practices -- David Endler. He's the director of TippingPoint's DVLabs and the founder and chairman of the VoIP Security Alliance. He popped by to talk about the latest trends in bug shopping.

Of particular interest is what Endler has to say about buying bugs in software-as-a-service applications like While TippingPoint would look at buying vulnerabilities in online applications, he doesn't want to be seen to be encouraging any law breaking. It's a bind!

Also on this week's podcast:

  • ZDNet Australia editor Munir Kotadia discusses the week's news with host Patrick Gray
  • Check Point's Steve MacDonald drops by to share his perspective on recent comments made by RSA Security's president Art Coviello in this week's sponsor interview
