On Tue, Jul 26, 2005 at 09:56:45PM -0500, J.A. Terranson wrote:
>
> The so called "Zero Day Initiative" is aimed at ensuring the 'responsible'
> disclosure of security flaws in order to make technology more secure for

this is how i interpret "responsible" - you give them the 0day and give up
your constitutional right of "free speech". they give you a few bucks. very
close to the american dream. then they get richer and "you grow older and
they grow colder and nothing is very much fun anymore" [1]. the movie
"corporation" explains it to some extent.

> all users. The goal is to proactively protect businesses against newly
> discovered vulnerabilities.
>

the goal is money, this is the PR version for the users naive enough to
vote for idiots.

> 3Com will notify affected vendors of security flaws so they can
> immediately begin working on a solution, most often in the form of a

secondary market of bought 0days?

> The company stressed it would share vulnerability details freely with
> other security vendors prior to public disclosure.
>

hope they don't forget to carbon copy me with the 0days different from CSS.

> Zero day disclosure occurs when the discoverer of the vulnerability
> discloses the flaw to the public without notifying the vendor, putting
> businesses at risk from the time of disclosure until the affected vendor
> issues a patch. It can take vendors weeks or months to supply a patch.
>

it is legal where i live.

> division, said: "This program will extend our research organization even
> further, and enable us to tap some of the most brilliant minds in the
> global security research community."
>

i believe they will not "tap some of the most brilliant minds". when one
reaches a certain level of expertise and/or experience, the chances that he
is a money whore are low imho.

[1] paraphrased Pink Floyd, "One of my turns"

--
where do you want bill gates to go today?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
