Hack Exchange
Go find a bug. Invite bids; sell it to the highest bidder. Cool?
Big IT vendors like Cisco, MS, IBM and Oracle all engage in-house snooper teams to do vulnerability research on their software, to find bugs and fix them. While these employees were highly paid, outside freelancers and users who did the same had to settle for just credits.
The newly opened auction site, WabiSabiLabi, doesn't require buyers to work with vendors on a fix before disclosing the flaw. Operators of the site say they try to validate both buyers and sellers -- for example, requiring copies of passports and bank account information -- but many people remain skeptical. The suspicion that there existed a thriving black market for this knowledge is vindicated. Now the question – is WabiSabi turning it legit?
Wabi-sabi seeks to represent the implicit imperfection of IT security and to contribute to its improvement, as claimed by the site. It seeks to achieve this goal by completely re-designing the traditional security research cycle, introducing for the first time ever a market-driven approach to correctly value the security researchers' contributions.
Stoking up extortion? Well, this site would eventually be a hack exchange besides helping many crooks and a few enterprising Samaritans figure out the FMV of their 'find' and/or its 'patch' … Next what? A Hack index and Daily moving average?
To me that’s bad news… crunch time for FBI sleuths, I guess!