WSL High End IT Security Research Site 0Days




			*FAQ* Q: Do you trade zero day vulnerabilities? A: First let's use the proper terminology, there is no zero day vulnerability, instead there is Security Research, which is the job of a skilled security researcher. Our scope is to provide an institutional knowledge center in which security researchers can work with end clients to maximize their security perimeter. Q: Who can participate to the marketplace? A: No. The marketplace is closed now. Q: Can everybody contribute with security researches on vulnerabilities? A: Yes, under the condition of no-anonymity and under the condition that the provided security research material must not come from an illegal source/activity. Q: Can everybody purchase vulnerabilities from the marketplace? A: No. The marketplace is closed now. Wslabi is concentrated now on Security Reseach and high end service and consulting provisioning. Q: I'd like to contribute a zero day vulnerability, how can I do it? A: By simply contacting WSLabi commercial partners: Delemont Technology and Security Labs. Please note that prospective researchers will be thoroughly scrutinized before being eventually accepted. Q: I'd like to buy a piece of security research, how can I do it? A: WSLabi does not sell security research “as is it”. The company is now focused on selling high end security services . Please note that prospective clients will be thoroughly scrutinized before being eventually accepted. Q: What is your ethical disclosure policy? A: The system introduced by "ethical disclosure" has been historically abused by both vendors and security providers in order to exploit the work of security researcher's for free. WabiSabiLabi has a not-for-free-disclosure policy, explicitly aiming to protect researchers. The only free information available to both vendors and public will be the general information on each piece of security research, which will be enough to understand the issues introduced by each security research, without disclosing any sensible technical detail. However we let its owner decide if the vendor should be notified or not about the submitted security researches. Q: What guarantees will you give me about the reliability of the security researches when i contribute to the WSLabi network? A: Full guarantee. Every piece of security research is carefully analyzed and replicated in our own laboratories and eventually implemented with our own complementary research material before being placed on the market place. Q: What is the Security Research submission procedure? A: Procedure is: You let us know that you have a Security Research you want to submit, by contacting WSL through its commercial partners Delemont Technology or Security Labs. They send you an NDA in which we state that the Security Research intellectual property belongs to you. You send us a detailed analysis about the Security Research and, if available, a PoC. If the Security Research result can be reproduced in our laboratory and we find it to be interesting we certify it and send you back a consultancy proposal in which we discuss how we can work together.