| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 08 Aug 2007 09:39:26 +0200 From: monikerd <monikerd@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: Right, or wrong? Thierry Zoller wrote: > Dear Jared, > > My opinion : > > >> but some folks don't like the idea of selling directly to the >> vendor. >> > It reads a bit like the mob, extorion style. I have a bug, you want it > ? Pay me money. > > > Ps. Nice presentaion @BH > because getting it entirely safe is impossible? Getting food bacteria free is impossible too, doesn't mean we shouldn't do QA and make sure it's acceptable. What companies think in this context is their choice. Bug's have a market value you can give companies an option to buy it. Companies want to ignore bugs, because fixing them is not economical. They can't be angry that we sell them because it's economical. We are not the bad guys. If we discover a laptop explodes under certain conditions due to a bug in the bios. We can't FD it? We shouldn't asses the marketvalue by trying to sell it? riight. The intelligence of security researches shouldn't be ignored like it is now it's not a viable economic strategy. well thats my view at least. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists