Categories: SecurityWorkspace

NSS Plans Superstore Exchange For Exploits

NSS Labs has targeting security experts as customers for its planned online store for security exploits.

Through the Exploit Hub, NSS Labs will allow researchers to buy and sell exploits. According to NSS Labs president Rick Moy, the initial set of buyers will be “known quantities” such as penetration-testing companies and security vendors. The company will carefully vet the customers as it is aware of the dangers of opening the service to all-comers.

Market Penetration

“The goal is to close the capabilities gap between the cybercriminals and white hats by enabling defenders to perform more comprehensive testing of their defences,” Moy told eWEEK.

The marketplace will be a library of exploits supplied for sale by anti-malware companies and security professionals. NSS will take a 30 percent cut of the sales in exchange for testing and validating the exploits, as well as promoting and managing the marketplace. The price of exploits will be driven by demand with the researchers who submit the exploits deciding on the initial price tag for their work, Moy added.

“Identities and reputations of companies and individuals will be a key factor,” Moy said. “We plan to leverage our long-standing independent position in the information security community and network of peers to vet the participants.”

No zero-day vulnerabilities will be sold through the store, something that distinguishes it from marketplaces like the one previously run by WabiSabiLabi which has now closed down.

“In the end, the efforts required to keep a zero-day secret also work against the concept of an open marketplace,” said H D Moore, chief security officer at Rapid7 and creator of Metasploit. “The NSS approach sounds like a great way for exploit developers to profit from their work and an excellent source of useful tools for penetration testers everywhere.

“Since they are only dealing with exploits for which vulnerability details are already available, it’s less about safeguarding sensitive information and more about creating a market for exploit tools,” he said.

NSS Labs is planning a phased-release approach to vetted buyers and is aiming to open the store in October, Moy said. Interested parties can sign up by contacting exploithub@nsslabs.com.


Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

4 days ago