Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is a great idea. Directly and publicly monetize security bugs. This is technical debt in terms of real, hard, cold cash.

As a community it makes sense to embrace this. As vendors (and especially people who develop apps for walled gardens) start seeing real-world feedback on platform security, we can all make more informed choices. It also incentivizes the hell out of companies to make their stuff more secure. Terrific concept. This shouldn't be some kind of dark grey-market site. It should be on a web location as visible as E-bay. (owned by somebody with no skin in the game)

For those of you arguing that such information can and does kill people, I feel your pain. But you can't hide knowledge. There will be a market whether or not there's a Forbes article about it. The only difference is whether you know about these vulnerabilities or you don't. A big, public market lets everybody see how crappy the things we use are. A secret, government-controlled market keeps all of that critical information away from the very people who need it. If the Syrian government is using security exploits to kill dissidents, all the more reason to let the sun shine in.



Just as important as the 0days themselves is keeping public who bought them. 0days, in many cases, are weapons. By keeping this market and it's transactions in the open perhaps we can keep the purchasing parties a little less evil, or at least drive up their costs.

This market, to me, looks very similar to the weapons industry. The more open it is the better for everybody. The other commenters are correct, this market isn't going anywhere. We may as well shed light on it.


> Just as important as the 0days themselves is keeping public who bought them.

That sounds ridiculous, I think. As soon as that is made public, there will instantly appear another market where that info is not made public, and most buyers will switch to that new market, sellers will follow as well.


The more public the market is, the less effective it is. WabiSabiLabi tried (and failed) to create an eBay for exploits years ago. The item of value is the information, not necessarily the code. As such, the more information is provided gratis, the less it is worth overall. In theory, a nice principle, but it is directly opposed to the forces that drive the market.


I don't see how you can reveal the buyer. It doesn't take much effort to buy through a proxy entity.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: