Its great that people are cluey enought to find these vulnerabilities but I have great difficulties it them selling the information for profit. I can accept that time is money and maybe there is a case for payment but it is my belief that it is strongly unethical to sell it .

The first approach must be to the company concerned and they should have a policy in place to reward people when they report a problem because it is in their bst interest to repair it to prevent exploitation of it thus potential great harm to users of the product.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11468/34673#34673