Re: Things to do before vulnerability disclosure

["Adriel T. Desautels" <ad_lists () netragard com>]

I just might happen to know a Bug Broker... :)

http://www.forbes.com/2007/07/06/security-software-hacking-tech-security-cx_ag_0706vulnmarket.html



On Jun 18, 2009, at 3:02 AM, noloader () gmail com wrote:

> Yet more interesting reading on the subject. Rather than directly  
> expose yourself to computer crime laws [1], sell the information to  
> a security bug broker [2].
>
> I do tend to agree with Matt Murphy in [2]:
>    [the researcher] ... performs a valuable and labor-intensive  
> service in finding bugs,
>    only to give the information to the vendor, in exchange for  
> nothing more than the
>    promise of a shout-out.
>
> Jeff
>
> [1] http://www.eff.org/issues/coders/grey-hat-guide
> [2] http://attrition.org/errata/statistics/stats-29.html
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification  
> Review Board
>
> Prove to peers and potential employers without a doubt that you can  
> actually do a proper penetration test. IACRB CPT and CEPT certs  
> require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------



        Adriel T. Desautels
        ad_lists () netragard com
        --------------------------------------

        Subscribe to our blog
        http://snosoft.blogspot.com


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------