-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 08 Jul 2007 19:27:58 -0600 George Ou <[EMAIL PROTECTED]> wrote:
>Michal,
>
>I completely agree with you about the ethics of
>selling exploits to the black-market. However,
>there needs to be a reasonable alternative to
>working for a "thank you" from the vendor. Very
>knowledgeable people who spend their valuable
>time tracking down bugs deserve to be able to
>make a living and they deserve to get paid. If
>there were a reasonable finder's fee paid by the
>vendor, then a lot of conscionable researchers
>will go the legitimate route even if they can
>make more money selling it to the black-market.
>
>George
thank you? okay - thank you for creating this wonderful software that we use. thank you for listening to our defect requests and thank you for addressing them in a meaningful time frame.

but thank you for finding bugs? are you on drugs? they didn't ask you to look for defects. this sounds like those people who paint house numbers on your curb and then want to be paid even though you never said to paint the numbers. or those windshield washers who want you to pay them for smearing your window when you didn't ask for it.

the only people who should be paid to find vulnerabilities are the people asked to find vulnerabilities. should we pay burglars for breaking into our homes?

and what about open source projects? should nonprofit groups be forced to pay for defects that they never asked people to look for? if they don't pay then should we stop looking?

companies that pay for exploits are honest about it. zdi and vcp let their customers know about risks before the rest of the world. the bounty comes from their customer registration fees. customers pay to hear about exploits first.

-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wpwEAQECAAYFAkaRr68ACgkQiDw0BWMaDTHTzQQAhkTq/SkybDeO0z2GYAQHYjOQaTOw
rkVGR6NP0JxiFSugNSw4mqW2CoaRr1LG0zsO56+qBkfcsxZW5Mp6nHpyT8YHkfDBhkb7
74C/hOCenGX5cXsTn1SKahBlSEsA+WSJ8CGcaFyloKvpMBMjpChzNM53UDmL5s1FDb6v
Jc3adNk=
=NKl+
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/