| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Jan 2007 10:35:39 -0800 From: Blue Boar <BlueBoar@...evco.com> To: "K F (lists)" <kf_lists@...italmunition.com> Cc: Untitled <full-disclosure@...ts.grok.org.uk>, bugtraq@...urityfocus.com Subject: Re: iDefense Q-1 2007 Challenge K F (lists) wrote: > We all know black hats are selling these sploits for <=$25k so why > should the legit folks settle for anything less? As an example the guys > at MOAB kicked around selling a Quicktime bug to iDefense but in the end > we decided it was not worth it due to low pay... > > Low Pay == Not getting disclosed via iDefense.... Maybe that's all they are worth to iDefense, since they aren't monetizing them in the same way blackhats are. Maybe for some people if they were going to just give them to Microsoft anyway, a few thousand bucks is worth it. Me, for example, if I were capable of of finding such vulns, I wouldn't sell them to the guys writing the drive-by spyware installers. I might sell it to iDefense or Tippingpoint, though. BB _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists