Full Disclosure mailing list archives
Re: Our Industry Is Seriously Ethics Impaired
From: Christoph Gruber <grisu () guru at>
Date: Thu, 28 Jul 2005 11:20:45 +0200
On Thursday, 28 July 2005 01:34, Williams, James K wrote:
Yes, there is value in sharing it first with the paying customers, but there is also great value in eventually disclosing it to the public. Public disclosure == advertising, for both the vuln buyer and the vuln discoverer. I've found that commercial entities who deal in 3rd party vulnerabilities usually want to share with the public after a few weeks/months. Commercial entities who sell vuln audit/scanner/pen-test software usually don't want to share all of their exploit code or vulnerability information though. They want to share just enough to get people interested in their products/services.
The only workaround for that problem is to pay the 0day-finder on a daily/monthly basis, so he will get 5000[add as many zeros here, as you want] USD for every month the vulnerability is not fixed. That will cause enough pain to the industry.

--
Grisu
2B OR (NOT (2B)) = FF
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: Our Industry Is Seriously Ethics Impaired Madison, Marc (Jul 27)
- <Possible follow-ups>
- RE: Our Industry Is Seriously Ethics Impaired Williams, James K (Jul 27)
- Re: Our Industry Is Seriously Ethics Impaired Christoph Gruber (Jul 29)