Re: iDefense Q-1 2007 Challenge

[Simon Smith <simon () snosoft com>]

Well, 
    I guess that miscommunication sums it up and I apologize (publicly) for
being such a snappy brat. For the record though, this isn't something that
the company markets at all. We've been doing this for a while and are very
selective about who we work with. Hence, why there is no real marketing.

    I wanted to test the waters and see what kind of response I could get
from the community. So far, its been very interesting.


On 1/16/07 3:06 PM, "Blue Boar" <BlueBoar () thievco com> wrote:

> Simon Smith wrote:
> > Blue Boar, 
> >     Simply put, and with all due respect, you're wrong.
>
> About? I see basically two assertions in my note; 1) that I would sell
> to iDefense or TippingPoint. Surely you're not going to tell me what I
> would do? And 2) That iDefense isn't doing the same thing that Blackhats
> are. Is the latter one the one you disagree with?
>
> > Furthermore I don't
> > appreciate you directly or indirectly suggesting that these exploits are
> > being sold on the black market, that will never happen on my watch, ever!
>
> If you look carefully, you'll see I was replying to Kevin, who did make
> a comparison to selling to blackhats. I hadn't even seen your note at
> the point, and I wasn't replying to you, and I didn't quote anything you
> wrote.
>
> So I assume you think I was saying that your company is selling to
> blackhats. I wouldn't think you were. Certainly you don't mean to claim
> that, in general, the entire market never sells to blackhats, nor that
> you have any control over what others do.
>
> >     More importantly, the company that I am working with is no different
> > than iDefense. In fact, they both sell their exploits and harvested research
> > to the same people. The only real difference is in the amount of money that
> > the researcher realizes when the transactions are complete. This difference
> > is a direct result of low corporate overhead.
> >
> >     Lastly, all transactions require that the researcher engage the company
> > that I work with in a tight contract. This contract ensures that both
> > parties are legitimate and also protects both parties. They don't do that on
> > the black market do they?
>
> So, is the problem that I didn't realize you guys also bought vulns, and
> that you pay more? No, I had no idea that you did. I guess some better
> marketing is in order. The quarterly challenge thing is pretty good for
> publicity, maybe you guys should do one of those.
>
> BB


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/