They could just as easily be harbouring a massive 0day arsenal for the US gov to attack other countries.

-----Original Message-----
From: Adam Jones <[EMAIL PROTECTED]>
To:
Date: Wed, 27 Jul 2005 08:15:33 -0500
Subject: Re: [Full-disclosure] Our Industry Is Seriously Ethics Impaired

> What exactly is wrong with this? I personally would rather have 3com
> buying up exploits (probably under an agreement for exclusive access)
> instead of having them sold to the highest, probably malicious,
> bidder. Even if someone sells it to both there is a more reputable
> group that has the exploit and can help with mitigation.
>
> - Adam
>
> On 7/26/05, J.A. Terranson <[EMAIL PROTECTED]> wrote:
> >
> > Yet another voice baying at the moon.
> >
> > --
> > Yours,
> >
> > J.A. Terranson
> > [EMAIL PROTECTED]
> > 0xBD4A95BF
> >
> > "A stock broker is someone who handles your money until it's all gone."
> > Diana Hubbard (of Scientology fame)
> >
> > -----------------------------------------------------------------------
> >
> > http://informationweek.com/story/showArticle.jhtml?articleID=166402192
> >
> > 3Com Rewards 'Responsible' Disclosure Of Security Flaws
> > July 25, 2005
> >
> > The company is planning to reward security researchers who reveal
> > information on newly discovered vulnerabilities.
> >
> > By John Walko
> > EE Times
> >
> > LONDON - Data networking group 3Com is planning to reward security
> > researchers who reveal information on newly discovered vulnerabilities as
> > part of an initiative run by its TippingPoint division.
> >
> > The so called "Zero Day Initiative" is aimed at ensuring the 'responsible'
> > disclosure of security flaws in order to make technology more secure for
> > all users. The goal is to proactively protect businesses against newly
> > discovered vulnerabilities.
> >
> > According to 3Com, many security researchers want to be recognized for
> > their discovery, but they don't always achieve that in a responsible
> > manner. Instead, and all too often, they post the potentially harmful
> > information publicly, catching businesses and vendors off-guard and
> > unprotected.
> >
> > The initiative will recognize researchers for the discovery when the
> > vulnerability is publicly disclosed with the vendor's patch.
> >
> > 3Com will notify affected vendors of security flaws so they can
> > immediately begin working on a solution, most often in the form of a
> > patch. The vulnerabilities will only be disclosed publicly once the
> > affected vendor is able to offer a solution to end users, mitigating the
> > threat.
> >
> > Providing pre-emptive protection will be done through 3Com subsidiary
> > TippingPoint's Digital Vaccine service.
> >
> > The company stressed it would share vulnerability details freely with
> > other security vendors prior to public disclosure.
> >
> > 3Com CTO Marc Willebeek-LeMair said the initiative would ultimately
> > benefit everyone in the industry: security and technology vendors,
> > security researchers and end users.
> >
> > Vulnerabilities enable attackers to gain control of a system for malicious
> > purposes. They can also result in worms or Denial of Service attacks,
> > which can bring down entire networks.
> >
> > Zero day disclosure occurs when the discoverer of the vulnerability
> > discloses the flaw to the public without notifying the vendor, putting
> > businesses at risk from the time of disclosure until the affected vendor
> > issues a patch. It can take vendors weeks or months to supply a patch.
> >
> > David Endler, Director of Security Research for 3Com's TippingPoint
> > division, said: "This program will extend our research organization even
> > further, and enable us to tap some of the most brilliant minds in the
> > global security research community."
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
