Penetration Testing mailing list archives

Re: Things to do before vulnerability disclosure

From: Giuseppe Fuggiano <giuseppe.fuggiano () gmail com>
Date: Fri, 19 Jun 2009 09:06:27 +0200

2009/6/18  <noloader () gmail com>:

Yet more interesting reading on the subject. Rather than directly expose yourself to computer crime laws [1], sell 
the information to a security bug broker [2].


Very interesting solution for a single researcher.  What does will do,
then, the security bug broker with my vulnerability?  How do they make
money from it?  This sounds like a (still interesting) workaround.  I
am going to read that page...

-- 
Giuseppe

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Re: Things to do before vulnerability disclosure, (continued)
- - - Re: Things to do before vulnerability disclosure Adriel T. Desautels (Jun 18)
    - RE: Things to do before vulnerability disclosure Nick Vaernhoej (Jun 18)
    - RE: Things to do before vulnerability disclosure Paul Melson (Jun 20)
    - RE: Things to do before vulnerability disclosure Paul Melson (Jun 17)
- RE: Things to do before vulnerability disclosure Alex Eden (Jun 16)
- Re: Things to do before vulnerability disclosure nrmaster (Jun 16)
- Re: Things to do before vulnerability disclosure Anthony Cicalla (Jun 16)
- Re: Things to do before vulnerability disclosure noloader (Jun 17)
- Re: Things to do before vulnerability disclosure noloader (Jun 18)
  - Re: Things to do before vulnerability disclosure Adriel T. Desautels (Jun 18)
  - Re: Things to do before vulnerability disclosure Giuseppe Fuggiano (Jun 19)