Robert Lemos, SecurityFocus 2005-12-15
The auction may have set a record price for a highlighter pen and an 8-by-11-inch sheet of paper.
Researchers: Flaw auctions would improve security
2005-12-16
Sean (2 replies)
Re: Researchers: Flaw auctions would improve security
2005-12-18
Ano (1 replies)
Do you mean to say, it would be better and cheaper for companies to invest into a flaw or "problem" with a product, rather than using that money to improve the product to be better?...
Re: Re: Researchers: Flaw auctions would improve security
2005-12-21
Sean
Do you not read well or understand well? I thought I made it pretty clear. "Flip side of that is that companies that can dish out the money might skimp on the security and code testing in the beginning but that just means more money to the independent testers." I did not say better or cheaper. I...
Re: Researchers: Flaw auctions would improve security
2005-12-19
Anonymous (1 replies)
I completely disagree with the idea that vulnerability information should be auctioned off, because if this flaw is not picked up by the software vendor and does fall into the wrong hands, then many "innocent" users are to suffer.
On the contrary to this I believe that software vendors should be ...
Re: Re: Researchers: Flaw auctions would improve security
2005-12-19
Anonymous
These vulnerabilities are already being sold and traded in underground markets. By auctioning them out in the open, everyone is aware of its existence. That puts pressure on the software developers. They may try to call it extortion, but then if they did it right in the first place.... ...
Researchers: Flaw auctions would improve security
2005-12-18
Anonymous (2 replies)
This AGAIN is absolutely ridiculous!
How many knives and baseball bats are sold thru eBay day?
What is the difference between a weapon and a theoretical SW vulnerability?
TELL US! eBay!!
Anonymous
...
Re: Researchers: Flaw auctions would improve security
2005-12-19
rusga
Agreed.
Bitter-taste is:
When one discovers a flaw after hours/days of research (besides years of knowledge to do that), sends it to respective sw-house/company and doesn't get any reward for this *world-wide community service* besides a slap-in-the-back like a candy to a kid.
But much worse tha...
Re: Researchers: Flaw auctions would improve security
2005-12-19
Anonymous (1 replies)
Baseball bats and (kitchen?) knives have a legitimate purpose.
What is the 'legitimate alternative purpose' for someone wishing to purchase a software vulnerability?...
Researchers: Flaw auctions would improve security
2005-12-20
Bill Barlowe (1 replies)
The complete ignorance of the author and the lack of professional objectivity of most of the people quoted leave me speechless. This panders to the least common denominator instead of moral, responsible behavior. I do not have enough time to express all my distaste for the people involved in this ar...
Researchers: Flaw auctions would improve security
2005-12-21
Howard Israel
No doubt that the open sale of undisclosed vulnerability information presents new ethical questions. On the one hand, bona fide vulnerability researchers should be rewarded in some manner (at least in getting credit). On the other, disclosure of such sensitive information to anyone other than the ...