Vulnerability Development mailing list archives

RE: Vulnerability Buyer Company

From: hellNbak <hellnbak () nmrc org>
Date: Tue, 25 Oct 2005 17:15:34 -0500 (CDT)

On Sat, 22 Oct 2005, Jeremy Richards wrote:

iDefense has become the Tippingpoint/3Com initiative


No,

iDefense and Tippingpoint/3COM are two seperate programs.

http://www.idefense.com/poi/teams/vcp.jsp  and
http://www.zerodayinitiative.com

Two simular but different programs.

I'm quite sure ImmunitySec would be interested in bidding on high profile MS
bugs..

I even suspect eEye would be interested in purchasing a well
documented security report on a high profile MS bug... it's just good
marketing.

You would suspect wrong. eEye does not purchase vulnerability informationas they have their own research team.

...with that said -- they're basically all going to be pretty much the same
in regards to the reports they are interested in... so a bidding war is your
best bet ;)


Why not just report it to the vendor and have it fixed?

Current thread:

Vulnerability Buyer Company mpycube (Oct 20)
- Re: Vulnerability Buyer Company KF (lists) (Oct 20)
- RE: Vulnerability Buyer Company Jeremy Richards (Oct 24)
  - Re: Vulnerability Buyer Company crazy frog crazy frog (Oct 25)
  - RE: Vulnerability Buyer Company hellNbak (Oct 26)
- <Possible follow-ups>
- Re: Re: Vulnerability Buyer Company mpycube (Oct 31)
- Re: Re: Vulnerability Buyer Company dave_endler (Oct 31)