Re: Vulnerability Buyer Company
From: crazy frog crazy frog (i.m.crazy.frog_at_gmail.com)
Date: 10/25/05
- Previous message: WINNY THOMAS: "MS05-047 remote DOS (exploit code attached; compiles on linux)"
- In reply to: Jeremy Richards: "RE: Vulnerability Buyer Company"
- Next in thread: mpycube_at_yahoo.com: "Re: Re: Vulnerability Buyer Company"
- Maybe reply: mpycube_at_yahoo.com: "Re: Re: Vulnerability Buyer Company"
- Maybe reply: dave_endler_at_3Com.com: "Re: Re: Vulnerability Buyer Company"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 25 Oct 2005 11:13:09 +0530
hi all,
first sorry if i m asking stupid question.
just wanted to know when some one sells the vulnerability then what
the bying comapny get?does he negotiate with vendor about money or any
other thing?
i mean what they get after purchasing that vulnerability?
------------
regards,
ting ding ting ding ting ding
ting ding ting ding ding
bam bam
i m crazy frog :)
On 10/22/05, Jeremy Richards <jrichards@secure-business-solutions.com> wrote:
> iDefense has become the Tippingpoint/3Com initiative
>
> I'm quite sure ImmunitySec would be interested in bidding on high profile MS
> bugs.. I even suspect eEye would be interested in purchasing a well
> documented security report on a high profile MS bug... it's just good
> marketing.
>
> The market for exploits is in writing IPS signatures and vulnerability
> detection rules (less so)... and of course you have to deal with companies
> that are open to that kind of exchange.
>
> A vendor of security reports is here:
> http://www.assurent.com/index.php/Vulnerability_Research_Portal/41/0/
>
> ...with that said -- they're basically all going to be pretty much the same
> in regards to the reports they are interested in... so a bidding war is your
> best bet ;)
>
> Jer.
>
> -----Original Message-----
> From: mpycube@yahoo.com [mailto:mpycube@yahoo.com]
> Sent: Wednesday, October 19, 2005 12:44 PM
> To: vuln-dev@securityfocus.com
> Subject: Vulnerability Buyer Company
>
> Hello,
>
> i already worked with iDefense but i have seen t hat also 2 other companies
> are buying 0day:
> - www.zerodayinitiative.com
> - www.digitalarmaments.com
>
> The offer of the second one look really interesting. Does anyone has worked
> with those company? which one is better? does exist others company?
>
> thanks guys...
>
> {}
>
>
--
- Previous message: WINNY THOMAS: "MS05-047 remote DOS (exploit code attached; compiles on linux)"
- In reply to: Jeremy Richards: "RE: Vulnerability Buyer Company"
- Next in thread: mpycube_at_yahoo.com: "Re: Re: Vulnerability Buyer Company"
- Maybe reply: mpycube_at_yahoo.com: "Re: Re: Vulnerability Buyer Company"
- Maybe reply: dave_endler_at_3Com.com: "Re: Re: Vulnerability Buyer Company"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
