Full Disclosure mailing list archives
Re: Responsible disclosure: terms and conditions
From: Paul Vixie <paul () redbarn org>
Date: Sun, 08 Jun 2014 11:23:08 -0700
codeinject.org wrote:
> any lawyer will dismiss this in court stating it was signed under duress.
in my proposed model, the only recourse a researcher has against vendor nonperformance is future silence. in your scenario above the lawyer in question would be trying to argue that future silence was in some way inappropriate.
> Also it sounds an awful lot like blackmail.
"i wish to enter into a no-fee relationship with you wherein you will receive certain valuable information at no monetary cost. the only requirement you would have to meet in order to receive this and future potentially valuable information is absolute fidelity to this nondisclosure agreement." doesn't sound like blackmail to me, not even a little bit. and i've been sued by experts. and it's what i wish i'd tried instead of doing the BIND Forum (criticized as a form of "pay for play"), back when CMU-CERT's lossy predisclosure chain screwed me for what i swore would be the last fscking time.
> I think you should either make the gamble, or let a ZDI, Exodus, VUPEN etc do the disclosure on your behalf. or just go full disclosure on them =)
those are all lose-lose propositions. i say shoot for a win-win and let lose-lose be the recourse ("fallback position").
vixie
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/