Security researchers who find holes in software can now sell their findings to the highest bidder.
An online auction house has been created to bring together those who find the loopholes with the companies that can do something about them.
It aims to close the gap between the small number of bugs investigated and the huge number thought to exist.
By rewarding researchers, the auction house aims to prevent flaws getting in to the hands of hi-tech criminals.
In early 2006 anti-virus firm Kaspersky Labs revealed that Russian hackers had been selling the Windows WMF vulnerability for $4000 (£2,000).
The loophole was offered for sale weeks before it was widely known about and long before Microsoft moved to close it.
The independent auction house, called WabiSabiLabi, aims to staunch the flow of vulnerabilities to the underground by giving security researchers a legitimate marketplace for what they find.
"Our intention is that the marketplace facility on WSLabi will enable security researchers to get a fair price for their findings and ensure that they will no longer be forced to give them away for free or sell them to cyber-criminals," said Herman Zampariolo, head of the auction site.
He added that it could tempt many researchers to report findings they would otherwise keep quiet about. In this way it hopes to ensure many more vulnerabilities get reported.
"Very few of them are able or willing to report it to the 'right' people due to the fear of being exploited," said Mr Zampariolo.
Once a vulnerability is reported, WSLabi will confirm it is real and that it can be exploited. After this it will be placed on the auction site where it can be sold to the highest bidder or sold to just one firm.
WSLabi said it would ensure that all those who buy the vulnerabilities were legitimate.
The first vulnerabilities posted to WSLabi are selling for between 500 (£340) and 2000 (£1,350) euros.
Many other companies, such as iDefense and Tipping Point, run schemes that give cash rewards to security researchers who find serious loopholes in widely used software.
The Mozilla Foundation, which oversees development of the Firefox browser amongst other things, gives a t-shirt and a $500 (£250) bug bounty to anyone finding a critical vulnerability in its software.
-
Will Tommy Robinson put ‘Christ back into Christmas’?
-
Large crowds join Tommy Robinson's Christmas carol service
-
'See No Evil' documentary to shine a light on John Smyth abuse
-
Why Jesus is the true meaning of Christmas
-
Teacher fired after telling Muslim pupil Britain is a Christian country
-
Hundreds of churches in Germany being targeted with vandalism and theft
Most Popular
News
The Anglican worldview of Jane Austen’s life and novels
16 December 2025 marks the 250th anniversary of the birth of novelist Jane Austen, who was born in southern England in 1775. Her novels are steeped in biblical analogy and practical theology. This is the story…
Almost half of UK adults plan to attend church this Christmas, new poll finds
Churches across the UK are expecting fuller pews this Christmas, as new research suggests a significant rise in the number of people planning to attend services and church-run events over the festive season.
ACNA panel recommends archbishop stand trial
The Board of Inquiry issued a short statement on Friday stating that there was “probable cause to present” ACNA Archbishop Steve Wood “for trial for violation of Canon 2 of this Title.”
Controversial US bishop to give BBC Christmas message
The BBC has invited Bishop Mariann Budde, the US bishop who challenged President Donald Trump at an inauguration service in January, to give a Christmas message.