Should also point out that getting E&O insurance is a good idea.
Daniel
> On Jun 8, 2014, at 1:34 PM, Dave Warren wrote:
>
>> On 2014-06-08 04:03, Paul Vixie wrote:
>> this is concerning, for two reasons.
>>
>> first, for enforceability, a contract requires exchange of
>> consideration. what'
On Sun, Jun 8, 2014 at 4:03 AM, Paul Vixie wrote:
>...
> i am not a lawyer either. i started MAPS, the first anti-spam company,
> in 1997 or so, and became the most-sued person i know. i may be the
> most-sued person you'll ever know.
you have had interesting experiences!
how many of these lawsu
This sounds like modified prisoners' dilemma to me:
Prisoner 1 (the researcher):
Cooperate: give information to the company
Not-cooperate: deny information, release publicly
Prisoner 2 (the company):
Cooperate: don't sue the researcher
Not-cooperate:
coderman wrote:
> On Sun, Jun 8, 2014 at 4:03 AM, Paul Vixie wrote:
>> ...
>> i am not a lawyer either. i started MAPS, the first anti-spam company,
>> in 1997 or so, and became the most-sued person i know. i may be the
>> most-sued person you'll ever know.
>
> you have had interesting experienc
Pedro Ribeiro wrote:
> On 8 June 2014 12:03, Paul Vixie wrote:
>
>> it's generally good text other than these structural matters. you'll want a
>> real lawyer to look at it before you try to use it, and maybe before you
>> process my suggestion above. we have two non-practicing lawyers in the
>>
Paul Vixie wrote:
> ...
>
> "i wish to enter into a no-fee relationship with you wherein you will
> receive certain valuable information at no monetary cost. the only
> requirement you would have to meet in order to receive this and future
> potentially valuable information is absolute fidelity t
codeinject.org wrote:
> any lawyer will dismiss this in court stating it was signed under duress.
in my proposed model, the only recourse a researcher has against vendor
nonperformance is future silence. in your scenario above the lawyer in
question would be trying to argue that future silence w
On 8 June 2014 09:16, Owen Tuz wrote:
> I am also not a lawyer, but think you would have serious problems getting
> this to hold up in any court.
>
> What you're describing is equivalent to the email disclaimers used by many
> businesses - "If you have received this email in error, please delete i
any lawyer will dismiss this in court stating it was signed under duress.
Also it sounds an awful lot like blackmail.
I think you should either make the gamble, or let a ZDI, Exodus, VUPEN etc
do the disclosure on your behalf.
or just go full disclosure on them =)
On 2014-06-08 04:03, Paul Vixie wrote:
this is concerning, for two reasons.
first, for enforceability, a contract requires exchange of
consideration. what's yours? i can see that the vendor is receiving
something of value (the disclosure) but it's not clear what you're
getting in return beyond t
Keep in mind you can always be sued. No matter what 'legal' document you may
have. I'm the third down on that attrition list.
This brings to mind this recent blog from John Strand:
http://pen-testing.sans.org/blog/pen-testing/2014/06/04/five-things-every-pen-tester-should-know-about-working-wit
Pedro Ribeiro wrote:
> ...
>
> I am not a lawyer, so I would like everyone's opinion (lawyer or not)
> on whether this would actually provide any protection.
i am not a lawyer either. i started MAPS, the first anti-spam company,
in 1997 or so, and became the most-sued person i know. i may be the
As you all know, responsible disclosure can be hard.
You want to do the right thing, give the vendor some time to fix the
issue, protect its customers, etc; but the first thing the vendor does
is to threaten to sue / arrest / beat up / kill you.
Fortunately this is happening less and less, but the