Full Disclosure mailing list archives

Re: Our Industry Is Seriously Ethics Impaired


From: Christoph Gruber <grisu () guru at>
Date: Thu, 28 Jul 2005 11:20:45 +0200

On Thursday, 28 July 2005 01:34, Williams, James K wrote:

Yes, there is value in sharing it first with the paying
customers, but there is also great value in eventually disclosing
it to the public.  Public disclosure == advertising, for both
the vuln buyer and the vuln discoverer.  I've found that
commercial entities who deal in 3rd party vulnerabilities usually
want to share with the public after a few weeks/months.
Commercial entities who sell vuln audit/scanner/pen-test software
usually don't want to share all of their exploit code or
vulnerability information though.  They want to share just enough
to get people interested in their products/services.

The only workaround for that problem is to pay the 0day-finder on a
daily/monthly basis, so he will get 5000[add as many zeros here as you want]
USD for every month the vulnerability is not fixed.
That will cause enough pain to the industry.

-- 
Grisu
2B OR (NOT (2B)) = FF 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/