Dailydave mailing list archives
RE: Announcing the Zero Day Initiative
From: "David Endler" <dendler () tippingpoint com>
Date: Mon, 25 Jul 2005 10:25:55 -0500
Hi Evgeny, If an offer is not accepted by a researcher, 3Com and TippingPoint will not share, leverage, or otherwise use the information in any sense of the word. The actual ZDI submission process involves a mutual NDA to protect the researcher in this way. -dave -----Original Message----- From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Evgeny Pinchuk Sent: Monday, July 25, 2005 10:48 AM To: David Endler Cc: Halvar Flake; dailydave () lists immunitysec com Subject: RE: [Dailydave] Announcing the Zero Day Initiative Hi Dave, Although you're stating that TippingPoint won't notify about or use vulnerabilities that the offer for them wasn't accepted, are you still going to use it to provide protection through your product? Regards, Evgeny
-----Original Message----- From: dailydave-bounces () lists immunitysec com [mailto:dailydave- bounces () lists immunitysec com] On Behalf Of David Endler Sent: Monday, July 25, 2005 3:06 PM To: Halvar Flake Cc: dailydave () lists immunitysec com Subject: RE: [Dailydave] Announcing the Zero Day Initiative Hey Halvar, By our own standards, 3Com cannot use any vulnerability information or report it to anyone until it is officially purchased. We have more to lose from a trust and legal standpoint: http://www.zerodayinitiative.com/benefits.html "If an offer is not made or an offer is made but not accepted by the researcher, the vulnerability information will remain the property of the researcher and will not be used in the Zero Day Initiative (ZDI) program." -dave -----Original Message----- From: Halvar Flake [mailto:HalVar () gmx de] Sent: Monday, July 25, 2005 7:51 AM To: David Endler Cc: dailydave () lists immunitysec com Subject: Re: [Dailydave] Announcing the Zero Day Initiative Hey all, I have a question regarding the program: Let's assume for some reason the ZDI's bid is too low, what happens with the information ? Is there any guarantee that ZDI does not pass the submitted information to software vendors and/or government organisations without having paid ? It's going to be very tricky to legally enforce security problems as IP. CHeers, Halvar -- 5 GB Mailbox, 50 FreeSMS http://www.gmx.net/de/go/promail +++ GMX - die erste Adresse f�r Mail, Message, More +++ _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Announcing the Zero Day Initiative, (continued)
- Re: Announcing the Zero Day Initiative Steve Lord (Jul 25)
- Re: Announcing the Zero Day Initiative Halvar Flake (Jul 25)
- Re: Announcing the Zero Day Initiative chaff0 Sr. (Aug 04)
- RE: Announcing the Zero Day Initiative Kyle Quest (Jul 25)
- RE: Announcing the Zero Day Initiative David Endler (Jul 25)
- RE: Announcing the Zero Day Initiative Andrew R. Reiter (Jul 25)
- Re: Announcing the Zero Day Initiative Etaoin Shrdlu (Jul 25)
- Re: Announcing the Zero Day Initiative TXS (Jul 25)
- Re: Announcing the Zero Day Initiative Listas (Jul 26)
- RE: Announcing the Zero Day Initiative Evgeny Pinchuk (Jul 25)
- RE: Announcing the Zero Day Initiative David Endler (Jul 25)
- Re: Announcing the Zero Day Initiative MindsX (Jul 25)
- Re: Announcing the Zero Day Initiative I)ruid (Jul 25)
- Re: Announcing the Zero Day Initiative MindsX (Jul 25)
- Re: Announcing the Zero Day Initiative Frank Knobbe (Jul 25)
- Re: Announcing the Zero Day Initiative I)ruid (Aug 02)
- Re: Announcing the Zero Day Initiative MindsX (Jul 25)