NSS Labs has targeting security experts as customers for its planned online store for security exploits.
Through the Exploit Hub, NSS Labs will allow researchers to buy and sell exploits. According to NSS Labs president Rick Moy, the initial set of buyers will be “known quantities” such as penetration-testing companies and security vendors. The company will carefully vet the customers as it is aware of the dangers of opening the service to all-comers.
The marketplace will be a library of exploits supplied for sale by anti-malware companies and security professionals. NSS will take a 30 percent cut of the sales in exchange for testing and validating the exploits, as well as promoting and managing the marketplace. The price of exploits will be driven by demand with the researchers who submit the exploits deciding on the initial price tag for their work, Moy added.
“Identities and reputations of companies and individuals will be a key factor,” Moy said. “We plan to leverage our long-standing independent position in the information security community and network of peers to vet the participants.”
No zero-day vulnerabilities will be sold through the store, something that distinguishes it from marketplaces like the one previously run by WabiSabiLabi which has now closed down.
“In the end, the efforts required to keep a zero-day secret also work against the concept of an open marketplace,” said H D Moore, chief security officer at Rapid7 and creator of Metasploit. “The NSS approach sounds like a great way for exploit developers to profit from their work and an excellent source of useful tools for penetration testers everywhere.
“Since they are only dealing with exploits for which vulnerability details are already available, it’s less about safeguarding sensitive information and more about creating a market for exploit tools,” he said.
NSS Labs is planning a phased-release approach to vetted buyers and is aiming to open the store in October, Moy said. Interested parties can sign up by contacting exploithub@nsslabs.com.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…