Re: [Full-disclosure] Our Industry Is Seriously Ethics Impaired



On Tue, Jul 26, 2005 at 09:56:45PM -0500, J.A. Terranson wrote:
> 
> The so called "Zero Day Initiative" is aimed at ensuring the 'responsible'
> disclosure of security flaws in order to make technology more secure for

this is how i interpret "responsible" - you give them the 0day and give up
your constitutional right of "free speech". they give you a few bucks.
very close to the american dream.
then they get richer and "you grow older and they grow colder and nothing 
is very much fun anymore" [1].
the movie "corporation" explains it to some extent.

> all users. The goal is to proactively protect businesses against newly
> discovered vulnerabilities.
> 

the goal is money, this is the PR version for the users naive enough to vote
for idiots.

> 3Com will notify affected vendors of security flaws so they can
> immediately begin working on a solution, most often in the form of a

secondary market of bought 0days?

> The company stressed it would share vulnerability details freely with
> other security vendors prior to public disclosure.
> 

hope they don't forget to carbon copy me with the 0days different from CSS.

> Zero day disclosure occurs when the discoverer of the vulnerability
> discloses the flaw to the public without notifying the vendor, putting
> businesses at risk from the time of disclosure until the affected vendor
> issues a patch. It can take vendors weeks or months to supply a patch.
> 

it is legal where i live.

> division, said: "This program will extend our research organization even
> further, and enable us to tap some of the most brilliant minds in the
> global security research community."
>

i believe they will not "tap some of the most brilliant minds".
when one reaches a certain level of expertise and/or experience, the chances
that he is a money whore are low imho.


[1] paraphrased Pink Floyd, "One of my turns"

-- 
where do you want bill gates to go today?
 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/