Dailydave mailing list archives
RE: Lap Dances for All
From: surreal () delusory org
Date: Thu, 3 Mar 2005 11:47:40 -0700
My media whoring knows no bounds! I studied at the feet of the masters while at @stake though, so I can't claim all the credit. http://software.silicon.com/security/0,39024655,39128296,00.htm
I enjoyed the article, but I have a question that wasn't answered: Does the NDA, or anything other than pride, prevent Microsoft from joining the VSC and addressing these "tactical nukes" as they're deployed? If so, it would be magnanimous to offer MS a special license at a reasonable price ($300K too cheap?) that would allow them to share the vulnerabilities internally and address them. History suggests that they wouldn't be particularly quick about fixing anything. If they're too proud to avail themselves of that opportunity, who could they blame? When they point their dainty finger and screech "irresponsible discloser!", point back and call them "stingy bastards". Personally, I think that the 50 to 100K price tag effectively keeps the vulnerabilities out of the reach of children. That's responsible enough for my taste anyway. *** Rather than post again, I'd also like to state that the _last_ thing that would help, IMO, would be to encourage the Insurance Industry Leaches to latch onto the software industry by making vendors liable for vulnerabilities and damages. Regards, Surreal _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Lap Dances for All, (continued)
- Re: Lap Dances for All Andre Ludwig (Mar 02)
- Re: Lap Dances for All Rodney Thayer (Mar 02)
- Re: Lap Dances for All Jason (Mar 02)
- Re: Lap Dances for All halvar (Mar 02)
- Re: Lap Dances for All Jason (Mar 03)
- Re: Lap Dances for All Adam Shostack (Mar 03)
- Re: Lap Dances for All dan (Mar 03)
- RE: Lap Dances for All Chris Wysopal (Mar 03)
- Re: Lap Dances for All Adam Shostack (Mar 03)
- RE: Lap Dances for All security curmudgeon (Mar 04)