NSS Labs to Open Exploit Marketplace for Security Community

NSS Labs’ Exploit Hub will make exploits for known vulnerabilities available to pen testers and other buyers.

The goal is to close the capabilities gap between the cyber-criminals and white hats, by enabling defenders to perform more comprehensive testing of their defenses.

NSS Labs is planning to open an online store for security exploits.

Through the Exploit Hub, NSS Labs will allow researchers to buy and sell exploits. According to NSS Labs President Rick Moy, the initial set of buyers will be “known quantities” such as penetration-testing companies and security vendors.

“The goal is to close the capabilities gap between the cyber-criminals and white hats, by enabling defenders to perform more comprehensive testing of their defenses,” Moy told eWEEK.

The company will take a 30 percent cut of the sales in exchange for testing and validating the exploits as well as promoting and managing the marketplace. The price of exploits will be driven by demand, with the researchers who submit the exploits deciding on the price tag for their work, Moy added.

“Identities and reputations of companies and individuals will be [a] key factor,” Moy said. “We plan to leverage our long-standing independent position in the information security community and network of peers to vet the participants.”

No zero-day vulnerabilities will be sold through the store, something that distinguishes it from marketplaces like the one previously run by WabiSabiLabi.

“In the end, the efforts required to keep a zero-day secret also work against the concept of an open marketplace,” said HD Moore, chief security officer at Rapid7 and creator of Metasploit. “The NSS approach sounds like a great way for exploit developers to profit from their work and an excellent source of useful tools for penetration testers everywhere. Since they are only dealing with exploits for which vulnerability details are already available, it’s less about safeguarding sensitive information and more about creating a market for exploit tools.”

NSS Labs is planning a “phased release approach to vetted buyers” and is aiming to open the store in October, Moy said. Interested parties can sign up by contacting exploithub@nsslabs.com.

Read original article at eWeek->

About Dustin D. Trammell

Dustin D. Trammell is the founder of both the annual BodyHacking Convention (BDYHAX) as well as the monthly BHAT COLONY (BodyHackers of Austin Texas) meetup. Dustin has also founded many other successful hacker and technology groups and events such as the InfoSec Southwest (ISSW) hacker conference now in it’s 6th year and the long-running Austin Hackers Anonymous (AHA!) meeting which just recently celebrated it’s first decade and has spawned dozens of “*HA!” offshoot meetings all across the country. Dustin is also a venture capitalist, entrepreneur, hacker, information security researcher, events producer, party host, gamer, game designer, and puzzlecrafter. Dustin further self-identifies as a bodyhacker through aesthetic body modification, wearable technology, health and nutritional supplementation, and quantified self practices.
This entry was posted in News. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s