Dailydave mailing list archives
Re: No more free bugs (and WOOT)
From: Charles Miller <cmiller () securityevaluators com>
Date: Wed, 8 Apr 2009 13:24:01 -0500
At this point I'm not even concerned with making "reasonable" money. I'd be happy with researchers getting any money. (I know there are stopgap solutions like ZDI which is great, but buying bugs is not really their core business) I'd love to see what would happen if nobody reported any bugs for a year. Would the vendors start paying? Would they even care? I don't have the solution, I just know nothing will ever change if the status quo remains. The only thing we can do is stop giving away our work and see what happens. I think the ideal solution would be all the big vendors would have to contribute to some fund (held at CERT or something) which could be used to pay independent researchers who find and report bugs. All I know is I think we have to draw the line now. Charlie On Apr 8, 2009, at 1:17 PM, Joanna Rutkowska wrote:
Charles Miller wrote:Hi everybody. You may have heard some about the No More Free Bugs campaign (http://blog.trailofbits.com/2009/03/22/no-more-free-bugs/ ) Basically, it is the chance for researchers to unite to get paid for the hard work we do. As long as folks continue to give bugs to companies for free, the companies will never appreciate (or reward) the effort. So I encourage you all to stop the insanity and stop giving away your hard work. If you believe in the No More Free Bugs campaign, please include our logo (http://nomorefreebugs.org/ logo.jpg) on all of your presentations at security conferences. I think it would be really great if vendors sat through an entire conference and every talk had this logo on it. I'll definitely have it on my BlackHat Europe slide deck next week.And what exactly is your suggested way of making reasonable money on those bugs? Assuming a legit way, of course? joanna.
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- No more free bugs (and WOOT) Charles Miller (Apr 08)
- Re: No more free bugs (and WOOT) Joanna Rutkowska (Apr 09)
- Re: No more free bugs (and WOOT) Charles Miller (Apr 09)
- Re: No more free bugs (and WOOT) Joanna Rutkowska (Apr 09)
- Re: No more free bugs (and WOOT) Charles Miller (Apr 09)
- Re: No more free bugs (and WOOT) sinan . eren (Apr 09)
- Re: No more free bugs (and WOOT) Julien TINNES (Apr 09)
- Re: No more free bugs (and WOOT) Charles Miller (Apr 09)
- Re: No more free bugs (and WOOT) Julien TINNES (Apr 09)
- Re: No more free bugs (and WOOT) Charles Miller (Apr 09)
- Re: No more free bugs (and WOOT) Charles Miller (Apr 09)
- Re: No more free bugs (and WOOT) Joanna Rutkowska (Apr 09)
- Re: No more free bugs (and WOOT) Professor 0110 (Apr 09)
- OWASP Podcast w/ Dave Jim Manico (Apr 10)
- Re: No more free bugs (and WOOT) Sebastian Krahmer (Apr 09)
- Re: No more free bugs (and WOOT) Matthieu Suiche (Apr 09)