lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <200208060116.VAA23074@linus.mitre.org>
From: coley at linus.mitre.org (Steven M. Christey)
Subject: Re: it\'s all about timing

choose.a.username@...hmail.com said:

>Who is doing who the favor. Someone who spends hundereds of dollars or
>thousands of dollars and finds a problem in that vendors product. Or
>the vendor for allowing you, the customer, to buy their product? You
>should be honored by giving your hard earned money to me the
>vendor. Here take my product and tough shit if it doesn't work well.
>
>How about fuck the vendor. Find a bug, post away 0-day? Or give me
>money back for the defective product you sold me plus compensation for
>the time and effort it took me to fix the problems your software did
>on my machine.

I'm just curious, do people on this list think that freeware vendors
should be treated differently than this?  Do you think they should be
given more (or less) time to address the issues?  How about commercial
vendors whose products are open source?  How much does a vendor's past
performance (or the perception of past performance) come into play?

- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ