Dailydave mailing list archives
Re: Vulnerabilities Market
From: Shane <shane () security-objectives com>
Date: Sun, 23 May 2010 16:20:28 -0700
I would love to see a non-profit initiative. Crediting those who donate vuln/exploit information with tax deductible receipts. Maybe then we would see some real ROI for the research/work put into these things. Let's just call it the CSBS (computer security benevolence society:)? The BS could liaison with CERT, hopefully reducing the overall level of ER. The benefactor can put a suggested price, including justification (not just the perceived market value, but also the value to the industry at large). How about also donating techniques? Sock-re-use shellcode or Heap foo "products" would be nice. I understand the want of "just getting the $", but this is really a no-win situation. Their's _ALWAYS_ losers in that game, I do not know a single vuln-shyster who uses an escrow (Not too many other ways to avoid being held over the barrel here). I could really go on here, please, nobody try to claim that you can have a win-win in this model, it's not happening today. What is the norm is rampaent frustration by the researcher and also the buyers I'm quite sure of this. The CSBS would also drive the mean price up/into reality. If you do not get at least 50% what it is worth, simply donate to the CSBS for the write off. Giving some other intensive to researchers in this area seems to be a logical step towards maturity (market maturity). Let's all grow up (grow = make market bigger)! Shane _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Vulnerabilities Market Jason Syversen (May 19)
- Re: Vulnerabilities Market Michal Zalewski (May 21)
- Re: Vulnerabilities Market Shane (May 24)
- Re: Vulnerabilities Market Steve Shockley (May 24)
- Re: Vulnerabilities Market Shane (May 25)
- Re: Vulnerabilities Market Shane (May 24)
- Re: Vulnerabilities Market Michal Zalewski (May 21)
- Re: Vulnerabilities Market rajat swarup (May 21)
- <Possible follow-ups>
- Re: Vulnerabilities Market Michal Zalewski (May 24)