Should Security Flaws Be Sold to Software Companies?

- Or offered for free?

By: Bogdan Popa, Security and Search Engines Editor

Lots of security flaws are spotted every day and, even if some of you may think that all of them underline the weak security of our installed software, it's actually a good thing that such problems are disclosed. First of all, if security researchers discover vulnerabilities, the companies which produced the software can fix them and improve the security of their tools. However, WabiSabiLabi is one of the companies which brought a different perspective on reporting security flaws to software companies.

In case you have never heard of it, WabiSabiLabi is an online bidding website which trades software vulnerabilities, a concept which has often been criticized by many Internet users and companies. Although the firm attempts to sell software flaws on the web, this isn't a bad thing, the owners of the business explain.

"Security researchers have no duty, no obligation to disclose their findings to the vendor. The problem is, the market as it is built today, is blackmailing researchers on ethical grounds to disclose findings to vendors. It's a way for vendors to force researchers to get findings for free. Usually vendors work together with a lobbyist press to support this idea [that it's only ethical to do so]," Roberto Preatoni told ITWeb.

WabiSabiLabi is not a new presence on the web, but following Roberto Preatoni's adventures (you know the story that he had some trouble with the police), the company is again assaulting the web and, as its founder announced a few weeks ago, it is getting ready to announce a partnership which may boost the company's popularity.

"The ethical thing is to pay security researchers for a job they're doing, a job that's not been done by the vendor because of the cost of maintaining a thorough testing department. Competition is driving them to release products as early as possible, which means they sell vulnerable software, so they don't carry the cost of securing their own software," the WabiSabiLabi official added.

18th April 2008, 21:31 GMT | Copyright (c) 2008 Softpedia