Information Security News mailing list archives
Re: Bug Finders: Should They Be Paid?
From: InfoSec News <isn () c4i org>
Date: Wed, 14 Aug 2002 04:35:40 -0500 (CDT)
Forwarded from: Kurt Seifried <kurt () seifried org> OB disclaimer: I am working for iDefense as a contractor. What I don't get is this: a) iDefense hires someone fulltime as an employee b) iDefense hires someone on a contract basis c) iDefense hires someone on a one time contract basis for work rendered why is option c) bad but a) and b) are ok? You have the exact same problems with hiring people full time to do vulnerability research. At least iDefense is being open about this (i.e. publicly announce they are doing it, give credit, let customers know...), I hate to break it to you guys but many many companies have been buying security information/exploit code/etc on a contract basis for quite some time (and haven't been so public about it). Kurt Seifried, kurt () seifried org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Bug Finders: Should They Be Paid? InfoSec News (Aug 12)
- <Possible follow-ups>
- Re: Bug Finders: Should They Be Paid? InfoSec News (Aug 13)
- Re: Bug Finders: Should They Be Paid? InfoSec News (Aug 14)