*Proposition* Microsoft is a 280+ billion dollar corporation. Why don't/can't they have a standard ransom fee for security flaws?
0day Remote OS flaw: $1,000,000
0day IE explorer flaws that give administrative shells: $200,000
0day (other flaws) that affect other products (i.e. Office): $200,000
etc. (these fees could be much higher)

Provided the person who discovered the vulnerability gives a full working patch, then Microsoft could patch the hole right away and people could update. (Yes, I know lots of people don't update, but at least it is a start, and then legally they would be so liable.) Maybe this concept isn't new and I am just in the dark about it.

*Question*

Why doesn't Microsoft (or any company) do this? And also, has Microsoft ever been held criminally liable for negligence in a criminal case for not patching a flaw leading to a security breach? Or is their team of lawyers just too much for any normal person?

On 6/25/07, Kradorex Xeron <[EMAIL PROTECTED]> wrote:
> On Sunday 24 June 2007 16:19, [EMAIL PROTECTED] wrote:
> > I can't give detail here
>
> Isn't this list called "full-disclosure"? - in other words: If you aren't going to disclose anything: DON'T post that you "have something".
>
> This list is designed specifically for disclosing (and discussing on the occasion) vulnerabilities, problems, etc. to the entire community at once, not just selectively who you choose (i.e. who buys your "0day").
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
