Re: Call to arms - INFORMATION ANARCHY
From: Carter Mobley (carterm@PUBLICATE.COM)Date: 11/03/01
- Previous message: Scott Gifford: "Re: RussRe: Call to arms - INFORMATION ANARCHY"
- In reply to: Russ: "Re: Call to arms - INFORMATION ANARCHY"
- Next in thread: Luke Kenneth Casson Leighton: "Re: Call to arms - INFORMATION ANARCHY"
- Next in thread: hellNbak: "Re: Call to arms - INFORMATION ANARCHY"
- Next in thread: Greg Lara: "Re: Call to arms - INFORMATION ANARCHY"
- Reply: Luke Kenneth Casson Leighton: "Re: Call to arms - INFORMATION ANARCHY"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <002301c16409$3cec7fe0$0201a8c0@jkjk.com> Date: Fri, 2 Nov 2001 20:45:37 -0500 From: Carter Mobley <carterm@PUBLICATE.COM> Subject: Re: Call to arms - INFORMATION ANARCHY To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
If Microsoft would simply offer cash rewards to vulnerability discoverers,
conditioned on the discoverer promising to never disclose to a third party,
I think the problem is solved quite nicely. For Microsoft, it's a cost of
doing business, they can add it to the price of the software. All we need is
a price list. What about this one?
A. $25,000.00 for bringing down a fully patched web server
B. $50,000.00 for accessessing database records without setting off any
alarms on a fully patched SQL server.
C. $10,000.00 for accessing private information from a fully patched windows
XP home edition.
etc...
If we assume that over the course of the next 5 years that 100 A type
vulnerabilities and 100 B type vulnerabilities are found, reported
responsibly, and fixed by Micorosoft, it cost Microsoft a total of 7.5
million dollars in reward money to protect their customers, all
vulnerabilities remaining 100 percent undisclosed.
Any rational objections to this simple, inexpensive, yet effective plan?
Carter Mobley
============================================================================
Delivery co-sponsored by Trend Micro, Inc.
============================================================================
BEST-OF-BREED ANTIVIRUS SOLUTION FOR MICROSOFT EXCHANGE 2000
Earn 5% rebate on licenses purchased for Trend Micro ScanMail for
Microsoft Exchange 2000 between October 1 and November 16. ScanMail
ensures 100% scanning of inbound and outbound traffic and provides
remote software management. For program details or to download your
30-day FREE evaluation copy:
http://www.antivirus.com/banners/tracking.asp?si=53&bi=245&ul=http://www.a
ntivirus.com/smex2000_rebate
- Previous message: Scott Gifford: "Re: RussRe: Call to arms - INFORMATION ANARCHY"
- In reply to: Russ: "Re: Call to arms - INFORMATION ANARCHY"
- Next in thread: Luke Kenneth Casson Leighton: "Re: Call to arms - INFORMATION ANARCHY"
- Next in thread: hellNbak: "Re: Call to arms - INFORMATION ANARCHY"
- Next in thread: Greg Lara: "Re: Call to arms - INFORMATION ANARCHY"
- Reply: Luke Kenneth Casson Leighton: "Re: Call to arms - INFORMATION ANARCHY"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
