Dailydave mailing list archives

Speaking about a market for vulnerabilities


From: Chris Wysopal <weld () vulnwatch org>
Date: Fri, 4 Mar 2005 16:20:19 -0500 (EST)



Paying for Flaws Pays Off for iDefense
http://www.eweek.com/article2/0,1759,1772418,00.asp

<snip>

Flaw-finding has generated big business -- and invaluable publicity -- for the
Reston, Va.-based iDefense. So far this year, the company is credited with
the responsible disclosure of 36 security bulletins, including major flaws
in products sold by Computer Associates International Inc., RealNetworks
Inc. and Apple Computer Inc.

Sutton said that more than 80 percent of all vulnerabilities reported by
iDefense were purchased from private, sometimes anonymous, software
crackers.

"We'll pay for the exclusive intellectual property rights to the research,
and this program works for everyone. The researchers make money for their
work, the vendors get the benefit of responsible advance notices, and the
end users get well-tested patches."

</snip>