Re: ISS vs. Cisco: Chapter 2

[Florian Weimer <fw () deneb enyo de>]

FX wrote:

> I leave the ethical aspects of this request by ISS for the consideration 
> of the inclined reader.

They have to collect exploits to write shell code for their IDS
products, otherwise they can't create signatures.  I recall a similar
request and it included this piece of information.

Of course, this doesn't make this activity less questionable.  You
normally don't see it because usually, ISS and others can obtain
exploits quietly through "responsible disclosure", especially if ISS
serves as a coordinator or is somehow involved (via IT-ISAC, for
example).