Dailydave mailing list archives
RE: Lap Dances for All
From: surreal () delusory org
Date: Thu, 3 Mar 2005 13:34:37 -0700
-------- Original Message -------- Subject: RE: [Dailydave] Lap Dances for All From: "Chris Wysopal" <weld () vulnwatch org> Date: Thu, March 03, 2005 12:40 pm To: surreal () delusory org Cc: dailydave () lists immunitysec com On Thu, 3 Mar 2005 surreal () delusory org wrote:Does the NDA, or anything other than pride, prevent Microsoft from joining the VSC and addressing these "tactical nukes" as they're deployed? If so, it would be magnanimous to offer MS a special license at a reasonable price ($300K too cheap?) that would allow them to share the vulnerabilities internally and address them.I imagine that Microsoft doesn't want to join a VSC to get vulnerability information as that would set a precedent with the ultimate result being 200 VSCs, each with one researcher contributing and charging ever higher membership fees. -Chris
I heard that MS was friendly with one security outfit for awhile... If a vendor is one of "few" entities willing to pay big bucks for vulns, they're in a good position to negotiate. Pay enough to keep researchers loyal to them (ie, not pimping their vulns for a quick hundred) and everyone wins. If high-value VSCs emerge and vendors join them, they've effectively outsourced/offshored some QA work. How many hotshot vulnerability analysts can anyone hire for $100K a year? They might eventually say "trustworthy computing" and not have people snicker at them. <don tinfoil hat> Of course, nobody's actually said that MS isn't a member. "someone" might be under a contractual obligation to disavow any relationship. He might even have a remotely-triggerable... Has anyone _watched_ Dave go through airport security lately? </hat> Surreal _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Lap Dances for All, (continued)
- Re: Lap Dances for All Jason (Mar 03)
- Re: Lap Dances for All Adam Shostack (Mar 03)
- Re: Lap Dances for All Ejovi Nuwere (Mar 02)
- RE: Lap Dances for All Maynor, David (ISS Atlanta) (Mar 02)
- Re: Lap Dances for All Chris Wysopal (Mar 03)
- Re: Lap Dances for All dan (Mar 03)
- RE: Lap Dances for All surreal (Mar 03)
- RE: Lap Dances for All Chris Wysopal (Mar 03)
- Re: Lap Dances for All Adam Shostack (Mar 03)
- RE: Lap Dances for All security curmudgeon (Mar 04)
- RE: Lap Dances for All Chris Wysopal (Mar 03)
- RE: Lap Dances for All surreal (Mar 03)