Dailydave mailing list archives

Re: Announcing the Zero Day Initiative

From: "I)ruid" <druid () caughq org>
Date: Tue, 02 Aug 2005 15:35:10 -0500

On Tue, 2005-07-26 at 00:53 +0100, MindsX wrote:

Heck - I'm definately not gonna get into a slamming match against you
- but the bottom line is that IF I am going to sell a 'sploit [yea as
IF i have the R&D time].... then I might aswell get _maximum_ revenue
from it...


My reply wasn't intended as the beginning of a slamming match (at least
I assume this is a reply to my post, no quote?), I was just making a
point, which I probably didn't make very well.

I don't disagree.... after a few beers with a few peeps that might
view this list earlier tonight... it is a good thing that you can now
become a professional researcher....

Bottom line tho - IF someone, with a handle and a reputation, stuck a
massively interesting remote exploit up for sale on eBay - it would
get /.'d and then removed :) ...


That was also kinda where I was coming from.  Unless you already have
the rep to back up your research, using a forum where the research is
not verified by a trusted third party only serves the heavy hitters,
thus creating a significant barrier to entry to the new researcher in
the field.  To be useful to everyone, I'm afraid a 3rd party is
necessary, which opens an entirely new can of worms.

I was more refering to the free market... researchers would get 'top
dollar' for their research... whereas this is more of a marketing ploy
by 3Com to get into the 0day race against various private
consultancies who chuck money into people not just the final product -
build an army with conslutants [typo - honest!]... and at the start of
the war - no one surrounds you - as the enemy will always pay more!


I agree, as I'm a capitalist myself.  Having multiple buyers in direct
competition in the market only helps the situation for the sellers, and
also helps determine the actual value of the research that's being
provided.

-- 
I)ruid, C²ISSP
druid () caughq org
http://druid.caughq.org

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

RE: Announcing the Zero Day Initiative, (continued)
- - RE: Announcing the Zero Day Initiative Andrew R. Reiter (Jul 25)
  - Re: Announcing the Zero Day Initiative Etaoin Shrdlu (Jul 25)
    - Re: Announcing the Zero Day Initiative TXS (Jul 25)
    - Re: Announcing the Zero Day Initiative Listas (Jul 26)
- RE: Announcing the Zero Day Initiative Evgeny Pinchuk (Jul 25)
- RE: Announcing the Zero Day Initiative David Endler (Jul 25)
  - Re: Announcing the Zero Day Initiative MindsX (Jul 25)
    - Re: Announcing the Zero Day Initiative I)ruid (Jul 25)
    - Re: Announcing the Zero Day Initiative MindsX (Jul 25)
    - Re: Announcing the Zero Day Initiative Frank Knobbe (Jul 25)
    - Re: Announcing the Zero Day Initiative I)ruid (Aug 02)
- RE: Announcing the Zero Day Initiative Walton, John Michael (John) (Jul 28)