This should put an end to the practice of researchers selling their work for next to nothing or giving it away for free

Jul 7, 2007 13:04 GMT  ·  By

The site not only intends to give researchers a higher level of protection and a bigger financial reward for their work, it should also increase the number of disclosed vulnerabilities. Narrowing the gap between the bugs that are known and those believed to exist is another objective of the project.

Studies from last year showed that almost 132,000 flaws could have been disclosed in 2006 if adequate methods had been applied. These numbers are a good enough argument for WSLabi to start this project. They also hope to offer researchers a better way to earn money for their work.

WSLabi hopes that the price of sold vulnerabilities will rise this way from around $200-1,000 to as much as twenty times the current rewards. But that will happen only if their auction service proves successful. The profile of the buyer should also change somewhat. Kaspersky Labs revealed that in 2006 Russian hackers sold the Windows WMF vulnerability for around $4,000.

Before being accepted on the auction site, the exploits will be tested in an independent lab and packaged with proof-of-concept code. The researcher will then be able to decide whether he or she still wants to auction it off.

The company declared that this practice is a necessary step to make sure that both the buyer and the seller benefit from their transaction. Buyers will be vetted with great care before being given access to the site. Traders' names will be hidden behind nicknames, and all sensitive data will be held on a secure server.

For the first six months WSLabi will be free for its customers, both buyers and sellers, but after that a 10 percent fee is charged. So far, the first vulnerabilities posted to WSLabi have selling prices ranging between 500 and 2,000 euros. Among them are a SquirrelMail issue, a Yahoo Messenger remote buffer overflow and a Linux kernel memory issue.