| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: emoyle at scsnet.csc.com (Ed Moyle) Subject: Symantec Buys SecurityFocus, among others. On Thursday, July 18, 2002 22:57, Brian Hatch wrote: > This and other 'Protect your code with the DMCA' ideas are interesting. > So we lock down our exploits with crappy encryption, hope someone uses > them, and sue. Hopefully we win, and we get a nice check. > And the DMCA has just been upheld in court. It does make a point about the stupidity of the DMCA, though... Win or lose, there is victory. If you win, somebody stealing your work gets slapped. If you lose, the DMCA is weakened. However, I spent some time thinking about this yesterday, and I've come to the conclusion that I *want* the "good guys" to be able to scan for exploits. If, through my actions, I make it harder for somebody to defend their network or whatever from attack, I don't want that. That's the reason I think most people post vulnerabilities anyway: they want to help the community rather than hurt it. It is just a shame that many companies don't have the same morality, and simultaneously make it harder for the good guys to fight the good fight and make money off of the work that people are freely donating. It is a problem in my opinion. I don't care if I don't get any credit or cash from research; that's not why I do it in the first place. Instead it is about giving back to a community that has given freely to me... -E
Powered by blists - more mailing lists