Vulnerability auctions compromising security
More security researchers are selling vulnerabilities to the highest bidder rather than disclosing them “responsibly” to the vendor whose products are affected. At a breakfast briefing organised by email security firm MessageLabs on Wednesday, Graham Ingram, general manager of the Australian Computer Emergency Response Team (AusCERT), said that a market where vulnerabilities in software are traded is hotting up and the rewards for researchers can be very tempting. Full Story