Chat directly with me if you want. Go to my
Chat page to find a web messenger!
Well, only partly. I commented several times already about WabiSabiLabi. I especially like their statement "closer to zero risk". At the moment there is an SAP vulnerability at stake. It is initially priced on €4'000. If you read their blog, Focus on: SAP MaxDB remote code execution, it seems to be clear that is vulnerability is a very high risk. So in order to get "closer to zero risk" they sell it to whomever is ready to spend enough money (e.g. organized crime) – I still question their view of the world…
I actually didn’t like the idea of WabiSabiLabi and I am totally against it. The recent report from IBM ISS disclosed that cyber crime is getting more and more organized day by day. We need to understand that this vulnerability can be purchased by any company, bad guys or member of organized crime to set up an attack on targeted company using that vulnerability. That is not closer to Zero day…it is actually going far from Zero Day….WabiSabiLabi should change their slogan to: Supporting Bad Guys in going ahead of Zero Day…
Also, keeping in mind WabiSabiLabi wants bad guys or researchers getting paid for piece of work they are doing and I like that idea but reward should be given by the rightful owners of the software not by some third party company like WabiSabiLabi.