| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Jul 2005 12:23:58 +1000
From: Matt Palmer <mpalmer@...matt.org>
To: bugtraq@...urityfocus.com
Subject: Re: 3Com launches vulnerability-buying program
On Mon, Jul 25, 2005 at 02:03:51PM +0000, Ghaith Nasrawi wrote:
> as it was announced few minutes ago that "3Com launches
> vulnerability-buying program" (through TippingPoint, a company 3Com
> acquired earlier this year)
>
> http://www.securityfocus.com/news/11253
> http://www.zerodayinitiative.com/
>
> so what do you think about this step? Obviously, they are trying to
> fight public disclosure of security vunl's (that why bugtraq exists)
> and buy the information so they can have 0day signatures to
> TippingPoint IPS solution.
It's probably pretty good for TippingPoint customers. Seems pretty
reasonable from a commercial point-of-view -- if enough extra people buy the
software to offset the cost of the purchases, then it's a win for 3Com. I
doubt that they'll be offering the sort of money that is going to make a
real clueful zombiemaster roll over and play ball, however, so in the same
way that paying police informants hasn't eradicated crime, I don't think
this is going to be a solution to the problem. It's an interesting take on
the situation, though.
- Matt
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
Powered by blists - more mailing lists