Dailydave mailing list archives
Re: Lap Dances for All
From: Chris Wysopal <weld () vulnwatch org>
Date: Thu, 3 Mar 2005 13:15:47 -0500 (EST)
halvar () gmx de said:
It is clear that we thus need to "link" the risk of widespread attacks using unknown vulnerability back into the market. I see two avenues of doing this:

1. Make the software industry liable for damages from worms etc. -- obviously, they would have to buy insurance for this
2. Create a market for vulnerabilities where the folks that find bugs have a place to go and get paid for their work

If the market is a VSC, unless the VSC informs the vendor (or makes the issue public at a later date) then the positive security effect you are looking for is only for the people subscribing to that particular VSC. This is only going to be a small fraction of the overall software market. And even those in the club can't use this information as leverage with vendors.

However if the VSC informs the vendor (or goes public) it devalues the information it is selling because it will be relevant for a shorter period of time. So market value is lower for researchers contributing to vendor-informing VSCs. This would tend to make non-informing VSCs more profitable and drive research toward them. Thus taking vulnerability information out of the public where it can be used as leverage against vendors to get them to ship less buggy products.

-Chris