Open Source and information security mailing list archives
 
From: choose.a.username at hushmail.com (choose.a.username@...hmail.com)
Subject: Re: it's all about timing

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On Mon, 5 Aug 2002 21:16:53 -0400 (EDT), full-disclosure@...ts.netsys.com wrote:
>choose.a.username@...hmail.com said:
>
>>Who is doing who the favor? Someone who spends hundreds of dollars or
>>thousands of dollars and finds a problem in that vendor's product? Or
>>the vendor for allowing you, the customer, to buy their product? You
>>should be honored by giving your hard earned money to me the
>>vendor. Here take my product and tough shit if it doesn't work well.
>>
>>How about fuck the vendor. Find a bug, post away 0-day? Or give me
>>money back for the defective product you sold me plus compensation for
>>the time and effort it took me to fix the problems your software did
>>on my machine.

The best person to answer your question is you. You're the author of these
guidelines. You'll need to address the motivations of everyone involved. As difficult as bottling wind, which is why the guidelines simply cannot work.

You could include:

a) one man show software developer in his musty basement, makes free app. goes out and spams the hell out of everyone claiming it is the greatest invention.

Irritated by his behaviour, someone may poke a hole in his product and 0-day it

b) one man show software developer in his musty basement, makes free app. releases by word of mouth or "viral" marketing.

his behaviour may not irritate someone and, even if a hole is poked, he is informed quietly

c) massive commercial developer, continually churning out product that is continually flawed, sitting on billions of dollars cash while the owner runs around the world with an unsettling grin and walking into cream pies wherever he goes.

This behavior might irritate someone and motivate them to poke a hole in their product and slam it wherever possible and whenever possible

d) massive commercial developer continually churning out product that is consistently not flawed, sitting on billions of dollars cash, plowing it into research and development and quality control. Known for caring about their product and taking pride in their product and listening to their customers. In other words caring.

This behaviour might not irritate someone and even if a hole is poked in their product, they are informed quietly.

The list could be endless. To each his own and once again, why your guidelines simply cannot fit.




>
>I'm just curious, do people on this list think that freeware vendors
>should be treated differently than this?  Do you think they should be
>given more (or less) time to address the issues?  How about commercial
>vendors whose products are open source?  How much does a vendor's past
>performance (or the perception of past performance) come into play?
>
>- Steve

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wmYEARECACYFAj1RbEsfHGNob29zZS5hLnVzZXJuYW1lQGh1c2htYWlsLmNvbQAKCRDT
5JkCl0iMkKSVAKCmopCKn6swc21wUIcbELylqNUe2QCfVFNLHTQ99CDI0fgZsbGw+nDA
f+A=
=WcIJ
-----END PGP SIGNATURE-----

