FrSIRT Puts Exploits up for Sale

The go-to site for exploits and proof-of-concept code has shut down public access to its database and launched a paid-subscription service.

Independent security research outfit is putting its database of security exploits behind the paid curtain.

FrSIRT, previously known as K-Otik, has shut down the public exploits section of its Web site and announced that all exploits and proof-of-concept code will be sold through its subscription-based VNS (Vulnerability Notification Service).

The 3-year-old company, which operates out of Montpellier, France, is considered the go-to place for finding exploit code for known software vulnerabilities and has been a thorn in the side of many vendors, including Microsoft.

FrSIRT describes itself as the trusted center for the collection and dissemination of information related to network threats, vulnerabilities, exploits and incidents, but critics say the companys open approach to releasing harmful exploit code borders on "irresponsible disclosure."

/zimages/5/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

The new FrSIRT VNS offers round-the-clock monitoring of new vulnerabilities and threats, and promises real-time access to a Web-based security alerting service.

/zimages/5/28571.gifDoes paying for exploit information undermine security? Click here to read more.

The alerts are delivered through a Web portal, XML feeds and e-mail subscriptions. Subscribers will also get an online vulnerability scanner and scheduler with which to run security scans on a regular basis to check for security vulnerabilities.

/zimages/5/84833.gifZiff Davis Media eSeminars invite: Learn how to proactively shield your organizations against threats at all tiers of the network, Symantec will show you how, live on March 21 at 4 p.m. ET. Sponsored by Symantec.

FrSIRT said pricing for the service will vary based on the number of users that will be licensed to receive the alerts and access the exploit code samples.

The new service is part of a growing trend among third-party researchers to profit from code auditing work. Companies like iDefense and Tipping Point have found a lucrative business in purchasing the rights to information on vulnerabilities.

Dutch security firm Frame4 Security Systems is also getting into the malware-for-sale market, launching a project called MD:Pro that offers access to thousands of downloadable malware samples.

/zimages/5/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.