[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <52c5b001-87d4-4eff-91af-33575aaeb13c@zmail15.collab.prod.int.phx2.redhat.com>
Date: Tue, 24 Apr 2012 15:13:05 -0400 (EDT)
From: Ramon de C Valle <rcvalle@...hat.com>
To: Michal Zalewski <lcamtuf@...edump.cx>
Cc: dailydave <dailydave@...ts.immunityinc.com>,
websecurity@...ts.webappsec.org,
full-disclosure <full-disclosure@...ts.grok.org.uk>,
bugtraq <bugtraq@...urityfocus.com>, Jim Harrison <Jim@...tools.org>
Subject: Re: We're now paying up to $20,
000 for web vulns in our services
> > IMHO, anyone who willingly, knowingly places customer data at risk
> > by inviting attacks on their production systems is playing a very
> > dangerous game. There is no guarantee that a vuln discovered by a
> > truly honest researcher couldn't become a weapon for the dishonest
> > "researcher" through secondary discovery
>
> I'm not sure I follow. Are you saying that the dishonest researcher
> will not try to find vulnerabilities if there is no reward program
> for
> the honest ones?
He made a good example of a Slippery Slope.
--
Ramon de C Valle / Red Hat Product Security Team
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists