BEIJING, July 9 (Xinhuanet) -- A Swiss firm has created a new online auction house called "WabiSabiLabi" (WSLabi) where software security researchers can sell details on unpatched software flaws and their solutions. The security experts will have to identify themselves to WSLabi at first, but they will trade under a nickname. No personal information will be revealed in the public domain.

WSLabi aims to give software experts a legitimate marketplace to trade the loopholes they find in software. The firm will sell details only to legitimate buyers to prevent the flaws from getting into the hands of hi-tech criminals. But to David Perry, Trend Micro's global director of education, it looks like something else. "It's going to be eBay for vulnerabilities," he said. "We're going to peddle vulnerabilities in a winner-takes-all auction. How do we know who's good and who's bad when we do this?"

Four vulnerabilities are on offer (Linux kernel memory leak, Yahoo Messenger remote buffer overflow, Squirrelmail GPG plugin command execution, and MKPortal SQL injection), but only one bid has been made on the Linux and Squirrelmail issues. The 600-euro bid for the Squirrelmail vulnerability is well below its "buy now" price of 1,750 euros. (Agencies)