Message-ID: <20050727155718.GC10546@sivokote.iziade.m$>
Date: Wed Jul 27 16:56:22 2005
From: guninski at guninski.com (Georgi Guninski)
Subject: Our Industry Is Seriously Ethics Impaired

On Tue, Jul 26, 2005 at 09:56:45PM -0500, J.A. Terranson wrote:
>
> The so called "Zero Day Initiative" is aimed at ensuring the 'responsible'
> disclosure of security flaws in order to make technology more secure for

this is how i interpret "responsible" - you give them the 0day and give up your constitutional right of "free speech". they give you a few bucks. very close to the american dream. then they get richer and "you grow older and they grow colder and nothing is very much fun anymore" [1]. the movie "corporation" explains it to some extent.

> all users. The goal is to proactively protect businesses against newly
> discovered vulnerabilities.
>

the goal is money, this is the PR version for the users naive enough to vote for idiots.

> 3Com will notify affected vendors of security flaws so they can
> immediately begin working on a solution, most often in the form of a

secondary market of bought 0days?

> The company stressed it would share vulnerability details freely with
> other security vendors prior to public disclosure.
>

hope they don't forget to carbon copy me with the 0days different from CSS.

> Zero day disclosure occurs when the discoverer of the vulnerability
> discloses the flaw to the public without notifying the vendor, putting
> businesses at risk from the time of disclosure until the affected vendor
> issues a patch. It can take vendors weeks or months to supply a patch.
>

it is legal where i live.

> division, said: "This program will extend our research organization even
> further, and enable us to tap some of the most brilliant minds in the
> global security research community."
>

i believe they will not "tap some of the most brilliant minds". when one reaches a certain level of expertise and/or experience, the chances that he is a money whore are low imho.

[1] paraphrased Pink Floyd, "One of my turns"

--
where do you want bill gates to go today?