Penetration Testing mailing list archives
Re: Things to do before vulnerability disclosure
From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Thu, 18 Jun 2009 17:12:27 -0400
I just might happen to know a Bug Broker... :) http://www.forbes.com/2007/07/06/security-software-hacking-tech-security-cx_ag_0706vulnmarket.html On Jun 18, 2009, at 3:02 AM, noloader () gmail com wrote:
Yet more interesting reading on the subject. Rather than directly expose yourself to computer crime laws [1], sell the information to a security bug broker [2].I do tend to agree with Matt Murphy in [2]:[the researcher] ... performs a valuable and labor-intensive service in finding bugs, only to give the information to the vendor, in exchange for nothing more than thepromise of a shout-out. Jeff [1] http://www.eff.org/issues/coders/grey-hat-guide [2] http://attrition.org/errata/statistics/stats-29.html ------------------------------------------------------------------------This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.http://www.iacertification.org ------------------------------------------------------------------------
Adriel T. Desautels ad_lists () netragard com -------------------------------------- Subscribe to our blog http://snosoft.blogspot.com ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Things to do before vulnerability disclosure, (continued)
- Re: Things to do before vulnerability disclosure Jeffrey Walton (Jun 18)
- Re: Things to do before vulnerability disclosure Adriel T. Desautels (Jun 18)
- RE: Things to do before vulnerability disclosure Nick Vaernhoej (Jun 18)
- RE: Things to do before vulnerability disclosure Paul Melson (Jun 20)
- RE: Things to do before vulnerability disclosure Paul Melson (Jun 17)
- Re: Things to do before vulnerability disclosure Adriel T. Desautels (Jun 18)
- Re: Things to do before vulnerability disclosure Giuseppe Fuggiano (Jun 19)