| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Aug 2007 21:48:06 -0400 From: "Sol_Invictus" <sol@...eyoubeentested.org> To: "'Robert Kim Wireless Internet Advisor'" <evdo.hsdpa@...il.com>, "'Jared DeMott'" <demottja@....edu> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Right, or wrong? Gates doesn't have bugs... He has Features! ;-) My 2 cents? Anyone trying to sell a bug to the vendor with the problem is extortion. Feel free to sell it to others, but only AFTER giving the vendor a chance to fix it. If the vendor ignores you then that's what FD is all about... but please lets be responsible out there! -----Original Message----- From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Robert Kim Wireless Internet Advisor Sent: Tuesday, August 07, 2007 8:06 PM To: Jared DeMott Cc: full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] Right, or wrong? Ask gates what his business position is regarding bugs On 8/7/07, Jared DeMott <demottja@....edu> wrote: > All: > > So, I've tried the vendor pay model for bug hunting and it wasn't always > well received. Apparently auction sites and 3 party purchasers are > fine, but some folks don't like the idea of selling directly to the > vendor. I was thinking that this would be ideal since the vendor would > have the most interest in knowing about/fixing the bug. My question to > the list is this: > Is it morally right, wrong, don't know, don't care, good business, bad > business, etc.? Either way we're moving away from that model, but I was > just curious how others on FD see it. > > Blessings, > Jared > -- Robert Q Kim, Wireless Internet Provider http://evdo-coverage.com/satellite-wireless-internet.html http://groups.google.com/group/unpaid-overtime 2611 S. Pacific Coast Highway 101 Suite 203 Unpaid Overtime Dept Cardiff by the Sea, CA 92007 206 984 0880 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists