Re: [Full-disclosure] Our Industry Is Seriously Ethics Impaired

From: Christoph Gruber (grisu_at_guru.at)
Date: 07/28/05

  • Next message: Jerome Athias: "[Full-disclosure] Re: bluetooth devices list ?"
    To: full-disclosure@lists.grok.org.uk
    Date: Thu, 28 Jul 2005 11:20:45 +0200
    
    

    On Thursday, 28 July 2005 01:34, Williams, James K wrote:

    > Yes, there is value in sharing it first with the paying
    > customers, but there is also great value in eventually disclosing
    > it to the public. Public disclosure == advertising, for both
    > the vuln buyer and the vuln discoverer. I've found that
    > commercial entities who deal in 3rd party vulnerabilities usually
    > want to share with the public after a few weeks/months.
    > Commercial entities who sell vuln audit/scanner/pen-test software
    > usually don't want to share all of their exploit code or
    > vulnerability information though. They want to share just enough
    > to get people interested in their products/services.

    The only workaround for that problem is to pay the 0day-finder on a
    daily/monthly basis, so he will get 5000[add as many zeros here as you want]
    USD for every month the vulnerability is not fixed.
    That will cause enough pain for the industry.

    -- 
    Grisu
    2B OR (NOT (2B)) = FF 
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
    
