By IANS
New York : Good news for hackers and software security experts.
Wabisabilabi (WSLabi), a Swiss security firm has created an online auction house called 'WabiSabiLabi' to bring together people who can find loopholes in the software used by companies and can find a solution.
Many criminal hackers rely on loopholes in widely used software, usually Windows, to get access to the valuable information on computers.
Security researchers who find holes in such software can sell their findings to the highest bidder in this new online platform, said the online edition of BBC News.
They will have to identify themselves to WSLabi but no personal information will be revealed in the public domain. Each buyer and seller will have a nickname under which they will trade.
WabiSabiLabi aims to give software experts a legitimate marketplace where they can trade the loopholes they find in a software. This will stop the use of these loopholes or vulnerabilities by underground elements, Herman Zampariolo, head of the auction site said.
It aims to close the gap between the small number of bugs investigated and the huge number thought to exist in reality. By rewarding researchers, he claimed the auction house will prevent the flaws getting in to the hands of hi-tech criminals.
He added that it could tempt many researchers to report findings they would otherwise keep quiet about.
"Very few of them are able or willing to report the loopholes to the 'right' people due to the fear of being exploited," Zampariolo said.
Once a vulnerability is reported, WSLabi will confirm it is real and can be exploited. Then, it will be placed on the auction site where it can be sold to the highest bidder or to just one firm.
WSLabi said it would ensure that all those who buy the vulnerabilities were legitimate.
The first vulnerabilities posted to WSLabi are selling for between 500 (£340) and 2000 (£1,350) euros.
Many companies, such as iDefense and Tipping Point, run schemes that give cash rewards to security researchers who find serious loopholes in widely used software.
The Mozilla Foundation, which oversees development of the Firefox browser amongst other things, gives a t-shirt and a $500 (£250) bug bounty to anyone finding a critical vulnerability in its software.