Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Full-disclosure] iDefense Q-1 2007 Challenge

From: Blue Boar <BlueBoar () thievco com>
Date: Tue, 16 Jan 2007 10:35:39 -0800
K F (lists) wrote:

We all know black hats are selling these sploits for <=$25k so why 
should the legit folks settle for anything less? As an example the guys 
at MOAB kicked around selling a Quicktime bug to iDefense but in the end 
we decided it was not worth it due to low pay...

Low Pay == Not getting disclosed via iDefense....


Maybe that's all they are worth to iDefense, since they aren't
monetizing them in the same way blackhats are.

Maybe for some people if they were going to just give them to Microsoft
anyway, a few thousand bucks is worth it.

Me, for example, if I were capable of of finding such vulns, I wouldn't
sell them to the guys writing the drive-by spyware installers. I might
sell it to iDefense or Tippingpoint, though.

                                        BB
Previous By Date Next
Previous By Thread Next

Current thread: