[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Our Industry Is Seriously Ethics Impaired

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Our Industry Is Seriously Ethics Impaired
From: Christoph Gruber <grisu@xxxxxxx>
Date: Thu, 28 Jul 2005 11:20:45 +0200

Am Donnerstag, 28. Juli 2005 01:34 schrieb Williams, James K:

> Yes, there is value in sharing it first with the paying
> customers, but there is also great value in eventually disclosing
> it to the public.  Public disclosure == advertising, for both
> the vuln buyer and the vuln discoverer.  I've found that
> commercial entities who deal in 3rd party vulnerabilities usually
> want to share with the public after a few weeks/months.
> Commercial entities who sell vuln audit/scanner/pen-test software
> usually don't want to share all of their exploit code or
> vulnerability information though.  They want to share just enough
> to get people interested in their products/services.

The only workaround for that problem ist to pay the 0day-finder on a 
daily/monthly basis, so he will get 5000[add as much zeros here, as you want] 
USD for every month, the vulnerability ist not fixed.
That will gain enough pain to the industry.

-- 
Grisu
2B OR (NOT (2B)) = FF 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- RE: [Full-disclosure] Our Industry Is Seriously Ethics Impaired
  - From: Williams, James K

Prev by Date: [Full-disclosure] [USN-156-1] TIFF vulnerability
Next by Date: [Full-disclosure] Re: bluetooth devices list ?
Previous by thread: RE: [Full-disclosure] Our Industry Is Seriously Ethics Impaired
Next by thread: [Full-disclosure] MDKSA-2005:125 - Updated clamav packages fix more vulnerabilities
Index(es):
- Date
- Thread