Dailydave mailing list archives

Re: No more free bugs (and WOOT)


From: sinan.eren () immunitysec com
Date: Wed, 8 Apr 2009 13:27:21 -0500 (EST)


A campaign is not enough. As long as there is not an open and free market 
for vulnerabilities/exploits, fair value can never be established. 
ZDI/iDefense being both the market maker and the sole buyer is absurd and 
creates a broken system that nobody, serious enough, respects. Fair pricing 
could only be established with open markets, this is as old as day and night ....

Also it is interesting to see on the blog commentary 
(http://blog.trailofbits.com/2009/03/22/no-more-free-bugs/)
certain MS drones acknowledging the usefulness of ZDI/iDefense but on the 
other hand they show extreme efforts to take down a vulnerability auction 
that was on eBay and not just once, several times in a row (Excel 
anyone?)...

I thought this country favored and protected the right to establish fair 
value for one's creation.

-sinan




On Wed, 8 Apr 2009, Charles Miller wrote:

Hi everybody.

You may have heard some about the No More Free Bugs campaign
(http://blog.trailofbits.com/2009/03/22/no-more-free-bugs/).
Basically, it is the chance for researchers to unite to get paid
for the hard work we do.  As long as folks continue to give bugs to
companies for free, the companies will never appreciate (or reward)
the effort.  So I encourage you all to stop the insanity and stop
giving away your hard work.  If you believe in the No More Free Bugs
campaign, please include our logo (http://nomorefreebugs.org/logo.jpg)
on all of your presentations at security conferences.  I think it
would be really great if vendors sat through an entire conference and
every talk had this logo on it.  I'll definitely have it on my
BlackHat Europe slide deck next week.

Also, I'd like to announce the CFP for the 3rd USENIX Workshop on
Offensive Technologies (WOOT '09).  Check it out at
http://www.usenix.org/event/woot09/cfp/.  This is the only conference
around that brings industry and
academic security folks together.  It's a chance for industry
researchers to show off their work to the academic community and vice
versa - I'm being very kind here to academia ;)  Planning on
submitting something cool to BH USA?  Submit it here too and present
it again a week later.  It would be great if WOOT became a showcase of
the best research of the previous year.

By the way, I've decided instead of getting a blog or twitter account,
I'll just send emails on daily dave!

Take care,

Charlie

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
