Dave, I believe the cause of this confusion is similar to that of say GPL vs BSD i.e. both claim to represent Open Source but GPL has restrictions while BSD doesn't.
The core issue is the actual confirmation that vulnerabilities have been sold to government and the only academically vetted, please withhold flames :), example that I am aware is that disputes this is http://weis2007.econinfosec.org/papers/29.pdf. Yes, it is possible that the market may have matured over the past five years (i.e. I don't know) but I have observed someone claim to know of someone else who had been offerred +100K for a vulnerability in 2006 and then went silent when presented with http://weis2007.econinfosec.org/papers/29.pdf The other issue in relation to selling to government good and/or bad is the terrorist vs "freedom fighter" (depending on who you are in the global community) point of view. On Sat, Aug 11, 2012 at 5:57 AM, Dave Aitel <[email protected]> wrote: > So your theory here is that because the EFF is calling for regulation of > the government's ability to use 0day it has bought, that they are still > advocating some sort of freedom? Frankly, I can't for the life of me > understand why the EFF would take these positions - they seem counter to > its mission, if not just completely confusing. It's like some selection > of people at the EFF got scared that 0day exists and took a random > position on the matter, completely ignoring that their (former) support > base has the opposite position on the "equities issue". -- Regards, Christian Heinrich http://cmlh.id.au/contact _______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
