Message-ID: <E1DxmIG-00077w-00.phased-mail-ru@f20.mail.ru>
Date: Wed Jul 27 14:50:05 2005
From: phased at mail.ru (phased)
Subject: Our Industry Is Seriously Ethics Impaired

They could just as easily be harbouring a massive 0day arsenal for the US gov to attack other countries.

-----Original Message-----
From: Adam Jones <ajones1@...il.com>
To:
Date: Wed, 27 Jul 2005 08:15:33 -0500
Subject: Re: [Full-disclosure] Our Industry Is Seriously Ethics Impaired

> What exactly is wrong with this? I personally would rather have 3com
> buying up exploits (probably under an agreement for exclusive access)
> instead of having them sold to the highest, probably malicious,
> bidder. Even if someone sells it to both there is a more reputable
> group that has the exploit and can help with mitigation.
>
> - Adam
> On 7/26/05, J.A. Terranson <measl@....org> wrote:
> >
> > Yet another voice baying at the moon.
> >
> > --
> > Yours,
> >
> > J.A. Terranson
> > sysadmin@....org
> > 0xBD4A95BF
> >
> >
> > "A stock broker is someone who handles your money until it's all gone."
> > Diana Hubbard (of Scientology fame)
> >
> > -----------------------------------------------------------------------
> >
> > http://informationweek.com/story/showArticle.jhtml?articleID=166402192
> >
> > 3Com Rewards 'Responsible' Disclosure Of Security Flaws July 25, 2005
> >
> > The company is planning to reward security researchers who reveal
> > information on newly discovered vulnerabilities.
> > By John Walko
> > EE Times
> >
> > LONDON - Data networking group 3Com is planning to reward security
> > researchers who reveal information on newly discovered vulnerabilities as
> > part of an initiative run by its TippingPoint division.
> >
> > The so-called "Zero Day Initiative" is aimed at ensuring the 'responsible'
> > disclosure of security flaws in order to make technology more secure for
> > all users. The goal is to proactively protect businesses against newly
> > discovered vulnerabilities.
> >
> > According to 3Com, many security researchers want to be recognized for
> > their discovery, but they don't always achieve that in a responsible
> > manner. Instead, and all too often, they post the potentially harmful
> > information publicly, catching businesses and vendors off-guard and
> > unprotected.
> >
> > The initiative will recognize researchers for the discovery when the
> > vulnerability is publicly disclosed with the vendor's patch.
> >
> > 3Com will notify affected vendors of security flaws so they can
> > immediately begin working on a solution, most often in the form of a
> > patch. The vulnerabilities will only be disclosed publicly once the
> > affected vendor is able to offer a solution to end users, mitigating the
> > threat.
> >
> > Providing pre-emptive protection will be done through 3Com subsidiary
> > TippingPoint's Digital Vaccine service.
> >
> > The company stressed it would share vulnerability details freely with
> > other security vendors prior to public disclosure.
> >
> > 3Com CTO Marc Willebeek-LeMair said the initiative would ultimately
> > benefit everyone in the industry: security and technology vendors,
> > security researchers and end users.
> >
> > Vulnerabilities enable attackers to gain control of a system for malicious
> > purposes. They can also result in worms or Denial of Service attacks,
> > which can bring down entire networks.
> >
> > Zero day disclosure occurs when the discoverer of the vulnerability
> > discloses the flaw to the public without notifying the vendor, putting
> > businesses at risk from the time of disclosure until the affected vendor
> > issues a patch. It can take vendors weeks or months to supply a patch.
> >
> > David Endler, Director of Security Research for 3Com's TippingPoint
> > division, said: "This program will extend our research organization even
> > further, and enable us to tap some of the most brilliant minds in the
> > global security research community."
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/