As I was pawing my way through the deluge awaiting me in my inbox this morning I noticed this one. Sean Hargrave (Guardian UK) has a interesting article dealing with the growing number of security vulnerability marketplaces that have been popping up of late.
From the Guardian UK:
This year computer users will be more exposed to cybercriminals than ever before. It’s not just because online crime is so attractive to identity theft gangs but, ironically, because the computer security industry that is supposed to protect users has deteriorated – from one which shared everything about newly discovered weaknesses to what some within it now call a “protection racket”.
It may sound alarmist, but researchers such as Paul Henry, vice-president of technology at Secure Computing, are using exactly that language to describe a move by a small minority of security companies now paying hackers for exclusive access to newly discovered vulnerabilities. This ensures their customers are protected while the software vendor works out a solution and rolls out a patch, a process that can take weeks.
I have to admit that I’m not a fan of these marketplace sites. What’s your take?
[tags]Vulnerability Marketplaces, Selling Exploits, Selling Vulnerabilities[/tags]