
Re: [Full-disclosure] The Auction Site made Forbes.



In a way, a larger company (beyond idefense/tippingpoint) getting
involved will be to our advantage. There hasn't been a high profile
lawsuit against a vuln researcher for finding and selling an 0day at
this point (that I can think of) and it's only a matter of time before
it happens. A company with a closed source product can claim EULA
agreement violations as well as IP violations. While they may not win
the lawsuit, they will punish you with lawyer fees, potentially
bankrupting you, and I'd rather not be the one to test the theory.

By working with an established company as a researcher you may be
offered some sort of legal protection provided by the terms of the
agreement with the company you're selling it to, if said vulnerable
company came after you.

Regards,
- Robert
http://www.cgisecurity.com/ Website and Application security news         
http://www.webappsec.org/ The Web Application Security Consortium 


> Hadn't thought about it that way... ;]
> 
> Let the fun begin.
> 
> 
> On 7/9/07 4:25 PM, "Valdis.Kletnieks@xxxxxx" <Valdis.Kletnieks@xxxxxx>
> wrote:
> 
> > On Mon, 09 Jul 2007 15:50:16 EDT, Simon Smith said:
> >> Guys,  
> >>     Thought you might like to see this:
> >> 
> >> http://www.forbes.com/home/security/2007/07/06/security-software-hacking-tech-security-cx_ag_0706vulnmarket.html
> > 
> > Just fsck'ing great.  Now we'll have venture capitalists and arbitrage
> > specialists and all that ilk wanting a piece of the action.  You thought
> > this was all morally murky *before*, you ain't seen nothing yet. :)
> > 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 
