Message-ID: <20070709222349.42558.qmail@cgisecurity.net>
Date: Mon, 9 Jul 2007 18:23:49 -0400 (EDT)
From: bugtraq@...security.net
To: simon@...soft.com (Simon Smith)
Cc: full-disclosure@...ts.grok.org.uk, Valdis.Kletnieks@...edu
Subject: Re: The Auction Site made Forbes.

In a way a larger company (beyond idefense/tippingpoint) getting involved will be to our advantage. 
There hasn't been a high profile lawsuit against a vuln researcher for finding and selling a 0day
at this point (that I can think of) and it's only a matter of time before it happens. A company with a closed 
source product can claim EULA agreement violations as well as IP violations. While they may not 
win the lawsuit they will punish you with lawyer fees, potentially bankrupting you, and I'd rather not 
be the one to test the theory.

By working with an established company as a researcher you may be offered some sort of legal protection 
provided by the terms of the agreement with the company you're selling it to, if said vulnerable company came 
after you.                          

Regards,
- Robert
http://www.cgisecurity.com/ Website and Application security news         
http://www.webappsec.org/ The Web Application Security Consortium 


> Hadn't thought about it that way... ;]
> 
> Let the fun begin.
> 
> 
> On 7/9/07 4:25 PM, "Valdis.Kletnieks@...edu" <Valdis.Kletnieks@...edu>
> wrote:
> 
> > On Mon, 09 Jul 2007 15:50:16 EDT, Simon Smith said:
> >> Guys,  
> >>     Thought you might like to see this:
> >> 
> >> http://www.forbes.com/home/security/2007/07/06/security-software-hacking-tech
> >> -security-cx_ag_0706vulnmarket.html
> > 
> > Just fsck'ing great.  Now we'll have venture capitalists and arbitrage
> > specialists and all that ilk wanting a piece of the action.  You thought this
> > was all morally murky *before*, you ain't seen nothing yet. :)
> > 
> 
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
