Dailydave mailing list archives
RE: A single line drawn by Picasso, an Iraqi artist,and a buffer overflow.
From: john blumenthal <jblumen () xmission com>
Date: Thu, 09 Jun 2005 14:08:04 -0600
This was indeed part of that conversation ;-). fwiw I'm working on an op-ed piece on this that I'd like anyone interested on this list to review prior to publication. Email if you want me to send it to you.

I personally think there is more money in exploit auctions for many of the people on this list -- you are literally selling yourselves short. The business model you should be adopting is not Gartner research re-selling but eBay. Let the market and its invisible hand determine not only the price for your research but also the re-structuring of software license agreements on ownership and liability. At the very least there will be some sharp procurement negotiator out there dealing with a software vendor and evaluating the price of your exploit and whether owning the exploit improves their bargaining power. ;-) The auction model surfaces and disturbs a lot of market dynamics in the security industry imho.

-----Original Message-----
From: Matt Hargett [mailto:matt () use net]
Sent: Thursday, June 09, 2005 5:44 AM
To: jblumen () xmission com
Cc: Dave Aitel; dailydave
Subject: Re: [Dailydave] A single line drawn by Picasso, an Iraqi artist, and a buffer overflow.

john blumenthal wrote:
> A few years back Greg Hoglund and I explored the use of an auction model ("0bay") that would be anonymized while using a verification and reputation model much like eBay does today. Some of the recent webmobs resemble this model. Our employer at the time had us tear down the site based on legal advice. ;-) I'd love to put the system back online if some sharp Stanford lawyer interested in pro bono work and a lot of publicity might donate their time to building legal firewalls.
>
> I like the idea of auctioning exploits. I think it would shift the industry pretty radically since the market's invisible hand should be capable of driving demand for high value exploits. Some economic forces to consider given, say, a package of 0day remote exploits on Oracle:
>
> -- would it be more economical for Oracle to QA these, sue you to avoid disclosing, or simply purchase the exploits in an auction (effectively using the 0bay site as an outsourced security QA service ;-) ) to take them off the market?
I particularly liked this idea, and still do. Was this part of the ironing we did at Red Rock coffee shop in downtown Mt. View? The look on people's faces around us as we discussed was very amusing :)

Also, nice vendor shout-out ;>

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: A single line drawn by Picasso, an Iraqi artist, and a buffer overflow., (continued)
- Re: A single line drawn by Picasso, an Iraqi artist, and a buffer overflow. Mike Tremoulet (Jun 09)
- Re: A single line drawn by Picasso, an Iraqi artist, and a buffer overflow. Chris Kuethe (Jun 09)
- Re: A single line drawn by Picasso, an Iraqi artist, and a buffer overflow. Pete Herzog (Jun 09)
- Re: A single line drawn by Picasso, an Iraqi artist, and a buffer overflow. byte_jump (Jun 09)
- RE: A single line drawn by Picasso, an Iraqi artist,and a buffer overflow. john blumenthal (Jun 09)
- Re: A single line drawn by Picasso, an Iraqi artist, and a buffer overflow. Mike Tremoulet (Jun 09)
- RE: A single line drawn by Picasso, an Iraqi artist,and a buffer overflow. Chris Wysopal (Jun 09)
- RE: A single line drawn by Picasso, an Iraqi artist,and a buffer overflow. john blumenthal (Jun 09)
- RE: A single line drawn by Picasso, an Iraqi artist,and a buffer overflow. Chris Wysopal (Jun 09)
- Re: A single line drawn by Picasso, an Iraqi artist, and a buffer overflow. dan (Jun 10)
- Re: A single line drawn by Picasso, an Iraqi artist,and a buffer overflow. Matt Hargett (Jun 09)
- RE: A single line drawn by Picasso, an Iraqi artist,and a buffer overflow. john blumenthal (Jun 09)
- Re: A single line drawn by Picasso, an Iraqi artist, and a buffer overflow. Thomas H. Ptacek (Jun 09)
- RE: A single line drawn by Picasso, an Iraqi artist,and a buffer overflow. john blumenthal (Jun 09)
- Re: A single line drawn by Picasso, an Iraqi artist,and a buffer overflow. Blue Boar (Jun 09)
- Re: A single line drawn by Picasso, an Iraqi artist, and a buffer overflow. byte_jump (Jun 09)
- Re: A single line drawn by Picasso, an Iraqi artist, and a buffer overflow. Matt Hargett (Jun 09)