RE: Vulnerability Buyer Company

["Jeremy Richards" <jrichards () secure-business-solutions com>]

iDefense has become the Tippingpoint/3Com initiative

I'm quite sure ImmunitySec would be interested in bidding on high profile MS
bugs.. I even suspect eEye would be interested in purchasing a well
documented security report on a high profile MS bug... it's just good
marketing.

The market for exploits is in writing IPS signatures and vulnerability
detection rules (less so)... and of course you have to deal with companies
that are open to that kind of exchange.

A vendor of security reports is here:
http://www.assurent.com/index.php/Vulnerability_Research_Portal/41/0/

...with that said -- they're basically all going to be pretty much the same
in regards to the reports they are interested in... so a bidding war is your
best bet ;)

Jer. 

-----Original Message-----
From: mpycube () yahoo com [mailto:mpycube () yahoo com] 
Sent: Wednesday, October 19, 2005 12:44 PM
To: vuln-dev () securityfocus com
Subject: Vulnerability Buyer Company

Hello,

i already worked with iDefense but i have seen t hat also 2 other companies
are buying 0day:
- www.zerodayinitiative.com
- www.digitalarmaments.com 

The offer of the second one look really interesting. Does anyone has worked
with those company? which one is better? does exist others company?

thanks guys...

{}