Security researchers who find holes in software can now sell their findings to the highest bidder.
An online auction house has been created to bring together those who find the loopholes with the companies that can do something about them.
It aims to close the gap between the small number of bugs investigated and the huge number thought to exist. By rewarding researchers, the auction house aims to prevent flaws getting in to the hands of hi-tech criminals.
Many malicious and criminal hackers rely on loopholes in widely used software, usually Windows, to get access to the valuable information on users PCs.
There is known to be a ready market for these vulnerabilities on the digital underground and significant sums of money can be made by selling them.
In early 2006 anti-virus firm Kaspersky Labs revealed that Russian hackers had been selling the Windows WMF vulnerability for $4000 (£2,000). The loophole was offered for sale weeks before it was widely known about and long before Microsoft moved to close it.
The first vulnerabilities posted to WSLabi are selling for between 500 (£340) and 2000 (£1,350) euros.
Many other companies, such as iDefense and Tipping Point, run schemes that give cash rewards to security researchers who find serious loopholes in widely used software.
The Mozilla Foundation, which oversees development of the Firefox browser amongst other things, gives a t-shirt and a $500 (£250) bug bounty to anyone finding a critical vulnerability in its software.
SOURCE
I'm very glad to see a well respected member of the software business, Mozilla, getting involved in this project. Kudos to all involved, and I want one of those T-Shirts!
CZMQFRG