Dailydave mailing list archives
Re: Lap Dances for All
From: Adam Shostack <adam () homeport org>
Date: Thu, 3 Mar 2005 14:15:51 -0500
On Thu, Mar 03, 2005 at 02:40:18PM -0500, Chris Wysopal wrote: | | | On Thu, 3 Mar 2005 surreal () delusory org wrote: | | > Does the NDA, or anything other than pride, prevent Microsoft from | > joining the VSC and addressing these "tactical nukes" as they're | > deployed? If so, it would be magnanimous to offer MS a special license | > at a reasonable price ($300K too cheap?) that would allow them to share | > the vulnerabilities internally and address them. | | I imagine that Microsoft doesn't want to join a VSC to get vulnerability | information as that would set a precedent with the ultimate result being | 200 VSCs, each with one researcher contributing and charging ever higher | membership fees. But wouldn't that protect their customers better? This may sound like sarcasm, but if Microsoft believes that customers are better protected when vulns are not made public, then perhaps they should bid on exclusivity in new vuln information. Competition between buyers may drive prices up for a while, but 0day that gets distributed will create competition between sellers, driving price back down. This would also create pressure on the discoverers of 0day to disclose it sooner. Admittedly, it might burn some to be paying researcher salaries, but think about the tradeoff. Adam _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Lap Dances for All, (continued)
- Re: Lap Dances for All Jason (Mar 02)
- Re: Lap Dances for All halvar (Mar 02)
- Re: Lap Dances for All Jason (Mar 03)
- Re: Lap Dances for All Adam Shostack (Mar 03)
- Re: Lap Dances for All dan (Mar 03)
- RE: Lap Dances for All Chris Wysopal (Mar 03)
- Re: Lap Dances for All Adam Shostack (Mar 03)
- RE: Lap Dances for All security curmudgeon (Mar 04)