Full Disclosure mailing list archives
Re: Office 0day
From: Jared DeMott <demottja () msu edu>
Date: Mon, 25 Jun 2007 16:30:43 -0400
secure poon wrote:
> *Proposition*
>
> Microsoft is a 280+ billion dollar corporation. Why don't/can't they have a standard ransom fee for security flaws?
>
> 0day Remote OS flaw: $1,000,000
> 0day IE explorer flaws that give administrative shells: $200,000
> 0day (other flaws) that affect other products (ie office): $200,000
> etc.. (these fees could be much higher)
>
> Provided the person who discovered the vulnerability gives a full working patch, then Microsoft could patch the hole right away and people could update. (Yes, I know lots of people don't update, but at least it is a start, and then legally they would be so liable.) Maybe this concept isn't new and I am just in the dark about it.
>
> *Question*
>
> Why doesn't Microsoft (or any company) do this? And also, has Microsoft ever been held criminally liable for negligence in a criminal case for not patching a flaw leading to a security breach? Or is their team of lawyers just too much for any normal person?

All I can say is AMEN. Having to sell to TPs, iDefs, and Nation States is so much more painful.

Jared :)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/