RE: A single line drawn by Picasso, an Iraqi artist,and a buffer overflow.

[john blumenthal <jblumen () xmission com>]

This is an excellent point and taken care of imho by the reputation model
and ranking systems found on auction sites like eBay.

-----Original Message-----
From: dailydave-bounces () lists immunitysec com
[mailto:dailydave-bounces () lists immunitysec com]On Behalf Of byte_jump
Sent: Thursday, June 09, 2005 9:14 AM
To: dailydave
Subject: Re: [Dailydave] A single line drawn by Picasso, an Iraqi
artist,and a buffer overflow.


On 6/9/05, Mike Tremoulet <coffeemike () gmail com> wrote:
> Just one thought to add here:
>
> The big difference to overcome that I see is that, with a physical
> auction, there is a finite (usually one) number of goods on sale.
> Dave's painting could be auctioned because there's only one of them,
> and the painting goes to the highest bidder.
>
> Exploit packs, however, could be more readily copied.  Why sell it to
> the highest bidder when you could sell it to all the bidders?  That
> model relies on the sellers to more or less voluntarily adhere to a
> set of standards (Thou shalt not sell multiple copies...), which
> strikes me as difficult to enforce.
>
> -- Mike


Again, we're back to a supply-demand issue here. If the exploit writer
decides to sell the exploit or rights to the exploit under the table,
and that fact is ever found out, he's effectively removed himself from
any bidders in the future. Who's going to bid on an exploit from
someone who will turn around and sell it under the table to others?

As an aside to this, the exploit writer can also influence the price
of an exploit to some degree. In the world of art, a successful artist
with a reputation for creating fabulous works of art can sell limited
quantity art pieces, where he sells one, two, three, or whatever
number of pieces he wants to sell. If the demand in the market is for
100 of his art pieces and he only makes and sells two, the price of
those two will be quite high.

If, sometime in the future, Mr. Artist decides to sell two more into
the market, the original buyers, who now in effect overpaid for the
original two pieces, would be quite upset and the artist's reputation
in the marketplace would take a hit. His future limited-number pieces
would be understood to mean "limited-number for a few weeks" and that
understanding would be factored into any future prices.

The market itself seems to be the best enforcement for the scenario you
present.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave