New Site Aims To Be iTunes For Exploits 55
Trailrunner7 writes "It's been tried before, but NSS Labs founder Rick Moy says his company's new Exploit Hub — a store front for exploit code — can work. In an interview, he explains why the current market for exploits doesn't work for the good guys, and why zero-day exploits don't help anyone. Above-board markets for software vulnerabilities have been around for close to a decade, but previous efforts to market exploits have had mixed results. The business of selling exploits versus vulnerabilities is fraught with danger, and organizations like WabiSabiLabi have operated eBay-style marketplaces for zero-day exploits for years, but haven't seen exploit writers beating a path to their door. The need for an above-board marketplace that can compete with the black market surely exists, but getting it to work is another matter entirely."
Re:What the hell (Score:5, Insightful)
charging a company money for information you have on security holes in their software doesn't sound "above board" to me in the least.
And not earning anything for your work does? If I help you fix your broken program I'm within my rights to ask for compensation. Now, threatening to release and abuse it if you don't pay isn't so ethical.