lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <3BD76687A1CBD74097E37CB67263AE973559B0@scsetbmail.scsnet.csc.com>
From: emoyle at scsnet.csc.com (Ed Moyle)
Subject: Symantec Buys SecurityFocus, among others.


On Thursday, July 18, 2002 22:57, Brian Hatch wrote:

> This and other 'Protect your code with the DMCA' ideas are
interesting.
> So we lock down our exploits with crappy encryption, hope someone uses
> them, and sue.  Hopefully we win, and we get a nice check.

>	And the DMCA has just been upheld in court.

It does make a point about the stupidity of the DMCA, though...  Win or
lose, there is victory.  If you win, somebody stealing your work gets
slapped.  If you lose, the DMCA is weakened.

However, I spent some time thinking about this yesterday, and I've come
to the conclusion that I *want* the "good guys" to be able to scan for
exploits.  If, through my actions, I make it harder for somebody to
defend their network or whatever from attack, I don't want that.  That's
the reason I think most people post vulnerabilities anyway: they want to
help the community rather than hurt it.  It is just a shame that many
companies don't have the same morality, and simultaneously make it
harder
for the good guys to fight the good fight and make money off of the work
that people are freely donating.  It is a problem in my opinion.  I
don't
care if I don't get any credit or cash from research; that's not why I
do
it in the first place.  Instead it is about giving back to a community
that has given freely to me...

-E

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ