Full Disclosure mailing list archives

Re: Right, or wrong?

From: monikerd <monikerd () gmail com>
Date: Wed, 08 Aug 2007 09:39:26 +0200

Thierry Zoller wrote:

Dear Jared,

My opinion :

but some folks don't like the idea of selling directly to the
vendor.

It reads a bit like the mob, extorion style. I have a bug, you want it
? Pay me money.


Ps. Nice presentaion @BH

  
because getting it entirely safe is impossible? Getting food bacteria
free is impossible
too, doesn't mean we shouldn't do QA and make sure it's acceptable.

What companies think in this context is their choice. Bug's have a
market value
you can give companies an option to buy it.

Companies want to ignore bugs, because fixing them is not economical. They
can't be angry that we sell them because it's economical.

We are not the bad guys. If we discover a laptop explodes under certain
conditions
due to a bug in the bios. We can't FD it? We shouldn't asses the
marketvalue by
trying to sell it?

riight. The intelligence of security researches shouldn't be ignored
like it is now
it's not a viable economic strategy.

well thats my view at least.  

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Right, or wrong? Jared DeMott (Aug 07)
- Re: Right, or wrong? Valdis . Kletnieks (Aug 07)
- Re: Right, or wrong? Robert Kim Wireless Internet Advisor (Aug 07)
  - Re: Right, or wrong? Sol_Invictus (Aug 07)
    - Re: Right, or wrong? Brian Eaton (Aug 07)
- Re: Right, or wrong? Thierry Zoller (Aug 07)
  - Re: Right, or wrong? monikerd (Aug 08)
- Re: Right, or wrong? Fixer (Aug 08)
- Re: Right, or wrong? Byron Sonne (Aug 08)
  - Re: Right, or wrong? Valdis . Kletnieks (Aug 08)
    - Re: Right, or wrong? Byron Sonne (Aug 09)
    - Re: Right, or wrong? J. M. Seitz (Aug 09)
- Re: Right, or wrong? Steven (Aug 08)
- Re: Right, or wrong? ireadit (Aug 08)