Thierry Zoller wrote: > Dear Jared, > > My opinion : > > >> but some folks don't like the idea of selling directly to the >> vendor. >> > It reads a bit like the mob, extorion style. I have a bug, you want it > ? Pay me money. > > > Ps. Nice presentaion @BH > because getting it entirely safe is impossible? Getting food bacteria free is impossible too, doesn't mean we shouldn't do QA and make sure it's acceptable.
What companies think in this context is their choice. Bug's have a market value you can give companies an option to buy it. Companies want to ignore bugs, because fixing them is not economical. They can't be angry that we sell them because it's economical. We are not the bad guys. If we discover a laptop explodes under certain conditions due to a bug in the bios. We can't FD it? We shouldn't asses the marketvalue by trying to sell it? riight. The intelligence of security researches shouldn't be ignored like it is now it's not a viable economic strategy. well thats my view at least. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
