A single line drawn by Picasso, an Iraqi artist, and a buffer overflow.

[Dave Aitel <dave () immunitysec com>]

Thomas's posts are again genius. He needs to cross post them here, so I 
stop doing so. :>
http://www.sockpuppet.org/tqbf/log/

Speaking of buying exploits, I've been toying with the idea recently 
that exploit purchasing is done on the artwork principle. I.E. rather 
than modeling it as a commodity or based on game theory, people should 
model it the way they purchase paintings. People don't just purchase 
paintings based on the colors and weight. They tend to think of a 
certain historical context. Recently, a friend purchased a painting for 
me in Tikrit. This painting, while worth a lot more, imo, cost around 15 
dollars. Surely this concept comes into play with exploits as well. Was 
the GOBBLES apache-nosejob.c exploit worth more because of the exciting 
events that surrounded the disclosure?

I offer this humble offering to the economists of the vulnerability 
disclosure debate future. :>

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave