Groups argue over merits of flaw bounties
Robert Lemos, SecurityFocus 2006-04-05

Vancouver, CANADA--Vulnerability researchers, software makers, and security companies that buy information about software flaws found little common ground during a panel discussion on Wednesday debating the merits of vulnerability-purchasing programs.

Comment from KF, 2006-04-06 (1 reply):
I am personally tired of vendors simply expecting me to hand over my research for free. My time is worth more than that... I am not a source of free Q.A. I should be paid for my time just as any other worker would.

Vendors have no place to complain about responsible disclosure et al. when they offer us no real incentive to work with them. You put my name in a security advisory... so what! I just gave you 15 hours of free product testing.

Vendors make bajillions of dollars off the software that we audited for free, and you are telling me all they can offer us is a "small amount of fame". That's pathetic. Quit hoarding all the loot and spread the love, or don't complain when bugs get dropped. As for how "(iDefense) can give us $10,000": you are telling me that you can't sell in some cases ONE license to make up this cost... with the volume of $$$ these vendors deal in, that is a pretty weak excuse. The cost of one "Oracle Database Enterprise Edition - CPU license" can make several independent researchers happy... so get real. Come back with a real excuse because that one is lametacular.

Work with us or work against us... the bugs aren't going away any time soon.

Copyright 2008, SecurityFocus