lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <E1DxmIG-00077w-00.phased-mail-ru@f20.mail.ru>
Date: Wed Jul 27 14:50:05 2005
From: phased at mail.ru (phased)
Subject: Our Industry Is Seriously Ethics Impaired

They could just as easily be harbouring a massive 0day arsenal for the us gov
to attack other countries.

-----Original Message-----
From: Adam Jones <ajones1@...il.com>
To: 
Date: Wed, 27 Jul 2005 08:15:33 -0500
Subject: Re: [Full-disclosure] Our Industry Is Seriously Ethics Impaired

> What exactly is wrong with this? I personally would rather have 3com
> buying up exploits (probably under an agreement for exclusive access)
> instead of having them sold to the highest, probably malicious,
> bidder. Even if someone sells it to both there is a more reputable
> group that has the exploit and can help with mitigation.
> 
> - Adam
> On 7/26/05, J.A. Terranson <measl@....org> wrote:
> > 
> > Yet another voice baying at the moon.
> > 
> > --
> > Yours,
> > 
> > J.A. Terranson
> > sysadmin@....org
> > 0xBD4A95BF
> > 
> > 
> > "A stock broker is someone who handles your money until its all gone."
> > Diana Hubbard (of Scientology fame)
> > 
> > -----------------------------------------------------------------------
> > 
> > http://informationweek.com/story/showArticle.jhtml?articleID=166402192
> > 
> > 3Com Rewards 'Responsible' Disclosure Of Security Flaws   July 25, 2005
> > EMAIL THIS ARTICLE
> > PRINT THIS ARTICLE
> > DISCUSS THIS ARTICLE WRITE TO AN EDITOR
> > 
> > 
> > 
> > The company is planning to reward security researchers who reveal
> > information on newly discovered vulnerabilities.
> > By John Walko
> > EE Times
> > 
> > 
> > 
> > LONDON . Data networking group 3Com is planning to reward security
> > researchers who reveal information on newly discovered vulnerabilities as
> > part of an initiative run by its TippingPoint division.
> > 
> > The so called .Zero Day Initiative. is aimed at ensuring the 'responsible'
> > disclosure of security flaws in order to make technology more secure for
> > all users. The goal is to proactively protect businesses against newly
> > discovered vulnerabilities.
> > 
> > According to 3Com, many security researchers want to be recognized for
> > their discovery, but they don't always achieve that in a responsible
> > manner. Instead, and all too often, they post the potentially harmful
> > information publicly, catching businesses and vendors off-guard and
> > unprotected.
> > 
> > The initiative will recognize researchers for the discovery when the
> > vulnerability is publicly disclosed with the vendor's patch.
> > 
> > 3Com will notify affected vendors of security flaws so they can
> > immediately begin working on a solution, most often in the form of a
> > patch. The vulnerabilities will only be disclosed publicly once the
> > affected vendor is able to offer a solution to end users, mitigating the
> > threat.
> > 
> > Providing pre-emptive protection will be done through 3Com subsidiary
> > TippingPoint.s Digital Vaccine service.
> > 
> > The company stressed it would share vulnerability details freely with
> > other security vendors prior to public disclosure.
> > 
> > 3Com CTO Marc Willebeek-LeMair said the initiative would ultimately
> > benefit everyone in the industry: security and technology vendors,
> > security researchers and end users.
> > 
> > Vulnerabilities enable attackers to gain control of a system for malicious
> > purposes. They can also result in worms or Denial of Service attacks,
> > which can bring down entire networks.
> > 
> > Zero day disclosure occurs when the discoverer of the vulnerability
> > discloses the flaw to the public without notifying the vendor, putting
> > businesses at risk from the time of disclosure until the affected vendor
> > issues a patch. It can take vendors weeks or months to supply a patch.
> > 
> > David Endler, Director of Security Research for 3Com's TippingPoint
> > division, said: "This program will extend our research organization even
> > further, and enable us to tap some of the most brilliant minds in the
> > global security research community..
> > 
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 

Powered by blists - more mailing lists