Not really a new idea, although I admit it's the first time I have seen it advertised so up-front. Selling zero-day's to vendors is even older than the WWW; someone I met at a hackspace event once told me about selling vulnerabilities to phone-in BBS server software vendors in the 80's. Selling zero-day's to other people than the affected vendors... Well, in the old days it was more about *trading* vulnerabilities, between hackers and other enthusiasts, than outright selling them.
I wouldn't say the debate has lost its relevance, though. The full disclosure-guys will still do their thing, if they really believe in it. What would be interesting is if someone paid money for critical vulnerabilities being fully disclosed without prior heads-up. *That* would stir things up! :) On 21 June 2012 21:51, Mike Barnard <[email protected]> wrote: > Early this year, the “keep secret” versus “full disclosure” versus > “pay-for-vulnerability” debate lost its relevance. There’s a new and > lucrative way to monetize vulnerabilities. > > > http://www.techrepublic.com/blog/security/guess-whos-buying-zero-day-vulnerabilities/8005?tag=nl.e011 > > -- > Mike > > Of course, you might discount this possibility, but remember that one in a > million chances happen 99% of the time. > ------------------------------------------------------------ > > _______________________________________________ > The Uganda Linux User Group: http://linux.or.ug > > Send messages to this mailing list by addressing e-mails to: > [email protected] > Mailing list archives: http://www.mail-archive.com/[email protected]/ > Mailing list settings: http://kym.net/mailman/listinfo/lug > To unsubscribe: http://kym.net/mailman/options/lug > > The Uganda LUG mailing list is generously hosted by INFOCOM: > http://www.infocom.co.ug/ > > The above comments and data are owned by whoever posted them (including > attachments if any). The mailing list host is not responsible for them in > any way. >
_______________________________________________ The Uganda Linux User Group: http://linux.or.ug Send messages to this mailing list by addressing e-mails to: [email protected] Mailing list archives: http://www.mail-archive.com/[email protected]/ Mailing list settings: http://kym.net/mailman/listinfo/lug To unsubscribe: http://kym.net/mailman/options/lug The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
