NSS Labs Plans to Launch Online Exploit Market


NSS Labs, a company specializing in anti-malware testing, plans to expand its business by launching an online marketplace for exploits next month.

The platform will be called Exploit Hub and will allow security researchers to sell exploit code for known vulnerabilities to penetration testers and other security companies.

It’s no secret that black hat hackers are already doing this and are selling exploits to cybercriminals on the underground market.

“The bad guys already have this stuff. We’re trying to level the playing field,” NSS Labs President Rick Moy commented for Dark Reading.

The company plans to keep the operation as ethical as possible by vetting all buyers and testing that every submitted exploit works as advertised.

In addition, no zero-days will be allowed. These are exploits that target unpatched vulnerabilities and are usually more valuable to cybercriminals than pen testers.

The purpose of penetration testing is to identify security problems on corporate systems and networks that can be addressed, not those which have no solution from vendors.

There are already companies like Immunity, Core Security and Rapid7 that sell exploits as part of specialized commercial tools.

Similar attack code is constantly added to the open source Metasploit framework. However, exploit availability is still very limited compared to the number of publicly known flaws.

“Over the past five years, there have been over 14,000 high-risk or critical vulnerabilities and if you look at the tools and count how many exploits in them, there are maybe 1,000,” Moy pointed out.

This forces many penetration testers to write their own exploits, which is a waste of precious time that could be better put to use for actual testing.

NSS Labs plans to launch Exploit Hub at the end of October and will retain a 30% commission from every transaction for its brokering role.

Some security researchers are open to the idea, especially since at the moment they are releasing most of their work for free.

“If they do it right this gives guys in my position a venue to put our stuff out there and make some money,” Mario Ceballos, an exploit writer and penetration tester at Northrop Grumman, told Forbes.

Read original article at Softpedia ->

About Dustin D. Trammell

Dustin D. Trammell is the founder of both the annual BodyHacking Convention (BDYHAX) as well as the monthly BHAT COLONY (BodyHackers of Austin Texas) meetup. Dustin has also founded many other successful hacker and technology groups and events such as the InfoSec Southwest (ISSW) hacker conference now in its 6th year and the long-running Austin Hackers Anonymous (AHA!) meeting which just recently celebrated its first decade and has spawned dozens of “*HA!” offshoot meetings all across the country. Dustin is also a venture capitalist, entrepreneur, hacker, information security researcher, events producer, party host, gamer, game designer, and puzzlecrafter. Dustin further self-identifies as a bodyhacker through aesthetic body modification, wearable technology, health and nutritional supplementation, and quantified self practices.