Re: [Full-disclosure] Our Industry Is Seriously Ethics Impaired
From: J u a n (perfectirijillo_at_gmail.com)
Date: Wed, 27 Jul 2005 10:42:21 -0300
To: Adam Jones <email@example.com>
But who's to say who is malicious and who's not?
Besides, this is Full Disclosure, and we believe in it.
On 7/27/05, Adam Jones <firstname.lastname@example.org> wrote:
> What exactly is wrong with this? I personally would rather have 3com
> buying up exploits (probably under an agreement for exclusive access)
> instead of having them sold to the highest, probably malicious,
> bidder. Even if someone sells it to both there is a more reputable
> group that has the exploit and can help with mitigation.
> - Adam
> On 7/26/05, J.A. Terranson <email@example.com> wrote:
> > Yet another voice baying at the moon.
> > --
> > Yours,
> > J.A. Terranson
> > firstname.lastname@example.org
> > 0xBD4A95BF
> > "A stock broker is someone who handles your money until its all gone."
> > Diana Hubbard (of Scientology fame)
> > -----------------------------------------------------------------------
> > http://informationweek.com/story/showArticle.jhtml?articleID=166402192
> > 3Com Rewards 'Responsible' Disclosure Of Security Flaws
> > July 25, 2005
> > The company is planning to reward security researchers who reveal
> > information on newly discovered vulnerabilities.
> > By John Walko
> > EE Times
> > LONDON - Data networking group 3Com is planning to reward security
> > researchers who reveal information on newly discovered vulnerabilities as
> > part of an initiative run by its TippingPoint division.
> > The so called "Zero Day Initiative" is aimed at ensuring the 'responsible'
> > disclosure of security flaws in order to make technology more secure for
> > all users. The goal is to proactively protect businesses against newly
> > discovered vulnerabilities.
> > According to 3Com, many security researchers want to be recognized for
> > their discovery, but they don't always achieve that in a responsible
> > manner. Instead, and all too often, they post the potentially harmful
> > information publicly, catching businesses and vendors off-guard and
> > unprotected.
> > The initiative will recognize researchers for the discovery when the
> > vulnerability is publicly disclosed with the vendor's patch.
> > 3Com will notify affected vendors of security flaws so they can
> > immediately begin working on a solution, most often in the form of a
> > patch. The vulnerabilities will only be disclosed publicly once the
> > affected vendor is able to offer a solution to end users, mitigating the
> > threat.
> > Providing pre-emptive protection will be done through 3Com subsidiary
> > TippingPoint's Digital Vaccine service.
> > The company stressed it would share vulnerability details freely with
> > other security vendors prior to public disclosure.
> > 3Com CTO Marc Willebeek-LeMair said the initiative would ultimately
> > benefit everyone in the industry: security and technology vendors,
> > security researchers and end users.
> > Vulnerabilities enable attackers to gain control of a system for malicious
> > purposes. They can also result in worms or Denial of Service attacks,
> > which can bring down entire networks.
> > Zero day disclosure occurs when the discoverer of the vulnerability
> > discloses the flaw to the public without notifying the vendor, putting
> > businesses at risk from the time of disclosure until the affected vendor
> > issues a patch. It can take vendors weeks or months to supply a patch.
> > David Endler, Director of Security Research for 3Com's TippingPoint
> > division, said: "This program will extend our research organization even
> > further, and enable us to tap some of the most brilliant minds in the
> > global security research community."
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/