Vulnerability Development mailing list archives
RE: 0-day exploit..do i hear $1000?
From: "Steve" <steve () securesolutions org>
Date: Thu, 18 Oct 2001 14:24:55 -0600
I stand corrected. Read in an e-zine that you are a "security consultant". Assumed it was your own company.
I had a teacher back in high school who used to say "Never assume, you make an ASS out of U and ME". Still, I don't see your point. So what if RFP had his own consulting company? Are you saying that if he has his own vacuum cleaner company we would see all kinds of zero day vacuum exploits? That's a pile of crap; *most* of the researchers I have come into contact with in my career do their research primarily because it is interesting to them, *not* to simply start up a consulting firm and make some money. Yes, some of us are forced to do things like pay bills and support families; consulting is one of those ways, but consulting should not be the reason behind the research. If it was, most would be like a certain startup that releases vague white papers and only gives full details to their paying customers.
So do we. We just also want to make a living doing it. We don't rape the industry - we contribute where we can.
There is nothing wrong with making a living. But there is something wrong with doing research just to promote your business. In my opinion anyways.
RFP, the way I see this business is like this. You do your job, try to do it better than the dude next door, build cutting edge technology, release it to the public (as it's stupid to think that no-one else will get it anyhow) and use it to get your company name out there, while you contribute to the industry as a whole. Does that mean selling out? I hope not.
It doesn't mean selling out, but it's organizations who care more about the press they will get vs. the good they can do who cause Microsoft to write articles like the "Information Anarchy". Your research should not be to simply get your company name out there, it should be to better arm the IT community and help them protect themselves. There is nothing wrong with making sure your company name is on an advisory, but there is something very wrong in doing the research just to prove how smart your employees are.