Auction Site for Security Vulnerabilities

Dark Reading reports ...

Discover a security flaw in a major application or system? You can't sell it on eBay. But starting this week, you can sell it on a new auction site that's not too much different.

WabiSabiLabi, whose marketplace opened for trading on Tuesday, is aiming to change the back-room market for security vulnerabilities and move it into the mainstream. Any researcher who finds a flaw can register to sell it on WSLabi's marketplace. WSLabi, a "neutral, vendor-independent Swiss laboratory," checks out the vulnerabilities and verifies their validity in its own labs before allowing them to be auctioned.

...

The marketplace's founders say they believe the "ethical disclosure" policy followed by many security researchers is costing them money. "The system introduced by 'ethical disclosure' has been historically abused by both vendors and security providers in order to exploit the work of security researchers for free," the auction site says.

"This happens only in the IT security field," the site states. "Nobody in the pharmaceutical industry is blackmailing researchers (or the companies that are financing the research) to force them to release the results for free under an ethical disclosure policy."