The value of vulnerabilities
Jason Miller, 2006-03-07

There is value in finding vulnerabilities. Yet many people believe that a vulnerability doesn't exist until it is disclosed to the public. We know that vulnerabilities need to be disclosed, but what role do vendors have to make these issues public?

The value of vulnerabilities 2006-03-07
Anonymous (4 replies)
Re: The value of vulnerabilities 2006-03-08
infamous41md
Re: The value of vulnerabilities 2006-03-08
Anonymous
Re: The value of vulnerabilities 2006-03-08
Dancho Danchev
Re: The value of vulnerabilities 2006-03-17
Anonymous
The value of vulnerabilities 2006-03-08
Matthew Murphy (1 replies)
Re: The value of vulnerabilities 2006-03-13
John Smith
The value of vulnerabilities 2006-03-08
Anonymous (1 replies)
The value of vulnerabilities 2006-03-08
Omar A. Herrera (2 replies)
I think it will also depend on the bad guys. There are known cases of people selling malware to anybody. That includes criminals of course and we might not be that far from seeing criminal organizations offering a higher price for unpublished vulnerabilities and exploits.

Which way will researchers go if the bad guys offer more money? Some cases of vendors threatening and suing security researchers make me think it won't be that difficult to convince researchers into going to the dark side.

Anyway, it is not an issue now of whether people should pay for vulnerabilities/exploits or not. It is already happening, but we should make sure it does not backfire on us (if that is possible at all).

Money should be the means, not the goal. As with other things in life, if money becomes the goal for researchers, we should expect much of this information going to the wrong people.

Re:Good Points 2006-03-08
R_U_Trustified (2 replies)
Re: Re:Good Points 2006-03-09
infamous41md
Re: Re:Good Points 2006-03-09
Matthew Murphy (1 replies)
Re: Re: Re:Good Points 2006-03-14
Robert E. Lee (1 replies)
Re: Re: Re: Re:Good Points 2006-03-15
Matthew Murphy (1 replies)
Re: Re: Re: Re: Re:Good Points 2006-03-17
Anonymous
The value of vulnerabilities 2006-03-10
Max (1 replies)
Re: The value of vulnerabilities 2006-03-14
Robert E. Lee
Responsible disclosure 2006-03-13
Anonymous (1 replies)
Re: Responsible disclosure 2006-03-14
Robert E. Lee
The value of vulnerabilities 2006-03-16
C. Winchester
What Value? 2006-03-17
Anonymous (2 replies)
Re: What Value? 2006-03-20
infamous41md
Re: What Value? 2006-03-28
Anonymous