Vulnerability Development mailing list archives
RE: Vulnerability Buyer Company
From: hellNbak <hellnbak () nmrc org>
Date: Tue, 25 Oct 2005 17:15:34 -0500 (CDT)
On Sat, 22 Oct 2005, Jeremy Richards wrote:
iDefense has become the Tippingpoint/3Com initiative
No, iDefense and Tippingpoint/3COM are two seperate programs. http://www.idefense.com/poi/teams/vcp.jsp and http://www.zerodayinitiative.com Two simular but different programs.
I'm quite sure ImmunitySec would be interested in bidding on high profile MS bugs..
I even suspect eEye would be interested in purchasing a well documented security report on a high profile MS bug... it's just good marketing.
You would suspect wrong. eEye does not purchase vulnerability information as they have their own research team.
...with that said -- they're basically all going to be pretty much the same in regards to the reports they are interested in... so a bidding war is your best bet ;)
Why not just report it to the vendor and have it fixed?
Current thread:
- Vulnerability Buyer Company mpycube (Oct 20)
- Re: Vulnerability Buyer Company KF (lists) (Oct 20)
- RE: Vulnerability Buyer Company Jeremy Richards (Oct 24)
- Re: Vulnerability Buyer Company crazy frog crazy frog (Oct 25)
- RE: Vulnerability Buyer Company hellNbak (Oct 26)
- <Possible follow-ups>
- Re: Re: Vulnerability Buyer Company mpycube (Oct 31)
- Re: Re: Vulnerability Buyer Company dave_endler (Oct 31)