[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <C1D29CFC.1738F%simon@snosoft.com>
Date: Tue, 16 Jan 2007 15:17:16 -0500
From: Simon Smith <simon@...soft.com>
To: Blue Boar <BlueBoar@...evco.com>
Cc: Untitled <full-disclosure@...ts.grok.org.uk>, bugtraq@...urityfocus.com
Subject: Re: iDefense Q-1 2007 Challenge
Well,
I guess that miscommunication sums it up and I apologize (publicly) for
being such a snappy brat. For the record though, this isn't something that
the company markets at all. We've been doing this for a while and are very
selective about who we work with. Hence, why there is no real marketing.
I wanted to test the waters and see what kind of response I could get
from the community. So far, its been very interesting.
On 1/16/07 3:06 PM, "Blue Boar" <BlueBoar@...evco.com> wrote:
> Simon Smith wrote:
>> Blue Boar,
>> Simply put, and with all due respect, you're wrong.
>
> About? I see basically two assertions in my note; 1) that I would sell
> to iDefense or TippingPoint. Surely you're not going to tell me what I
> would do? And 2) That iDefense isn't doing the same thing that Blackhats
> are. Is the latter one the one you disagree with?
>
>> Furthermore I don't
>> appreciate you directly or indirectly suggesting that these exploits are
>> being sold on the black market, that will never happen on my watch, ever!
>
> If you look carefully, you'll see I was replying to Kevin, who did make
> a comparison to selling to blackhats. I hadn't even seen your note at
> the point, and I wasn't replying to you, and I didn't quote anything you
> wrote.
>
> So I assume you think I was saying that your company is selling to
> blackhats. I wouldn't think you were. Certainly you don't mean to claim
> that, in general, the entire market never sells to blackhats, nor that
> you have any control over what others do.
>
>> More importantly, the company that I am working with is no different
>> than iDefense. In fact, they both sell their exploits and harvested research
>> to the same people. The only real difference is in the amount of money that
>> the researcher realizes when the transactions are complete. This difference
>> is a direct result of low corporate overhead.
>>
>> Lastly, all transactions require that the researcher engage the company
>> that I work with in a tight contract. This contract ensures that both
>> parties are legitimate and also protects both parties. They don't do that on
>> the black market do they?
>
> So, is the problem that I didn't realize you guys also bought vulns, and
> that you pay more? No, I had no idea that you did. I guess some better
> marketing is in order. The quarterly challenge thing is pretty good for
> publicity, maybe you guys should do one of those.
>
> BB
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists