Symantec Buys SecurityFocus, among others.

[full-disclosure () lists netsys com (Ed Moyle)]

On Thursday, July 18, 2002 22:57, Brian Hatch wrote:

> This and other 'Protect your code with the DMCA' ideas are
interesting.
> So we lock down our exploits with crappy encryption, hope someone uses
> them, and sue.  Hopefully we win, and we get a nice check.

>       And the DMCA has just been upheld in court.

It does make a point about the stupidity of the DMCA, though...  Win or
lose, there is victory.  If you win, somebody stealing your work gets
slapped.  If you lose, the DMCA is weakened.

However, I spent some time thinking about this yesterday, and I've come
to the conclusion that I *want* the "good guys" to be able to scan for
exploits.  If, through my actions, I make it harder for somebody to
defend their network or whatever from attack, I don't want that.  That's
the reason I think most people post vulnerabilities anyway: they want to
help the community rather than hurt it.  It is just a shame that many
companies don't have the same morality, and simultaneously make it
harder
for the good guys to fight the good fight and make money off of the work
that people are freely donating.  It is a problem in my opinion.  I
don't
care if I don't get any credit or cash from research; that's not why I
do
it in the first place.  Instead it is about giving back to a community
that has given freely to me...

-E