"WabiSabiLabi" which can trade software security hole information on net auction

Information on vulnerabilities of various kinds of software and systems, information on security holes, etc. are traded in net auction format like Yahoo auction,WabiSabiLabi". It is operated by a company in Switzerland.

Part of past auction contents are now available for viewing, and it seems that there are various software information such as WordPress, VLC, Quicktime, ClamAV, IBM Lotus Domino, TikiWiki, Open Office Writer etc.

For details on how much price it is bidden, please see below.

The actual auction can be seen on the following page. Yesterday, although information was being delivered as much as four items, has it been bidded off, now nothing has been sent.


Part of the information that was bid in the auction in the past can be viewed from the following.

MarketPlace history

Looking at the bidding price, it is about 5100 euro (about 790,000 yen) if it is a high item.

The authenticity of the information being exhibited seems to be a problem, but it seems to be like the following.

WabiSabiLabi opens an auction site for trading security / hall information: ITpro

Those who discover security holes will first submit information to WSLabi. WSLabi analyzes and eventually forms it as an empirical code, then places an overview on the marketplace and "exhibits" it. In addition to waiting for a buyer's bid in the auction system, there is also the case of soliciting buyers with fixed price and selling only to specific buyers.

The problem is also pointed out in this net auction form.

Problem of vulnerability auction "WabiSabiLabi": ITpro

Slashdot Japan | Trading vulnerability at auction

However, looking at the fact that it is running smoothly even after the establishment in July 2007, it seems that it is doing as smoothly as it is.

in Web Service, Posted by darkhorse