The value of vulnerabilities

The value of vulnerabilities
Jason Miller, 2006-03-07

There is value in finding vulnerabilities. Yet many people believe that a vulnerability doesn't exist until it is disclosed to the public. We know that vulnerabilities need to be disclosed, but what role do vendors have to make these issues public?

Re: The value of vulnerabilities 2006-03-13
hi2005

if the vendor would not like to pay for the vul you find, then you decide to disclose it to the highest bidder. and then someone exploit this vul to make money. then the customers were hurt and blame the vendor. and at last the vendor has to pay for such vul when found. that's a sound feed-back syst...

[ more ]