Tim,
The name of the business that will be maintaining the Exploit Acquisition
Program is Netragard, L.L.C. You can see their web site at
http://www.netragard.com. We were not sure if this idea was going to gain
any traction at first so we kept the name quiet while we tested the waters.
Having said that, anyone could figure out what company it was by doing a bit
of research. ;)

On 1/17/07 1:33 PM, "Tim Newsham" <newsham (at) lava (dot) net [email concealed]> wrote:

>> More importantly, the company that I am working with is no different
>> than iDefense. In fact, they both sell their exploits and harvested research
>> to the same people. The only real difference is in the amount of money that
>> the researcher realizes when the transactions are complete. This difference
>> is a direct result of low corporate overhead.
> [...]
>> IDefense is reselling these exploits to the same third parties as the
>> business that I work for, or at least I assume that they are. Both
> iDefense
>> and our buyers use the exact same list of software targets.
>
> Is there a reason you are withholding the name of the company you work
> with? Inquiring minds want to know. We all know about iDefense.
> (The added secrecy makes one suspicious...)
>
>> Lastly, all transactions require that the researcher engage the company
>> that I work with in a tight contract. This contract ensures that both
>> parties are legitimate and also protects both parties. They don't do that on
>> the black market do they?
>
> Surely someone who was going to break one law would have no qualms
> about breaking another (ie. contract law)...
>
> Tim Newsham
> http://www.thenewsh.com/~newsham/
>

[ reply ]