Full Disclosure mailing list archives
Re: iDefense Q-1 2007 Challenge
From: Simon Smith <simon () snosoft com>
Date: Tue, 16 Jan 2007 15:17:16 -0500
Well, I guess that miscommunication sums it up and I apologize (publicly) for being such a snappy brat. For the record though, this isn't something that the company markets at all. We've been doing this for a while and are very selective about who we work with. Hence, why there is no real marketing. I wanted to test the waters and see what kind of response I could get from the community. So far, its been very interesting. On 1/16/07 3:06 PM, "Blue Boar" <BlueBoar () thievco com> wrote:
Simon Smith wrote:Blue Boar, Simply put, and with all due respect, you're wrong.About? I see basically two assertions in my note; 1) that I would sell to iDefense or TippingPoint. Surely you're not going to tell me what I would do? And 2) That iDefense isn't doing the same thing that Blackhats are. Is the latter one the one you disagree with?Furthermore I don't appreciate you directly or indirectly suggesting that these exploits are being sold on the black market, that will never happen on my watch, ever!If you look carefully, you'll see I was replying to Kevin, who did make a comparison to selling to blackhats. I hadn't even seen your note at the point, and I wasn't replying to you, and I didn't quote anything you wrote. So I assume you think I was saying that your company is selling to blackhats. I wouldn't think you were. Certainly you don't mean to claim that, in general, the entire market never sells to blackhats, nor that you have any control over what others do.More importantly, the company that I am working with is no different than iDefense. In fact, they both sell their exploits and harvested research to the same people. The only real difference is in the amount of money that the researcher realizes when the transactions are complete. This difference is a direct result of low corporate overhead. Lastly, all transactions require that the researcher engage the company that I work with in a tight contract. This contract ensures that both parties are legitimate and also protects both parties. They don't do that on the black market do they?So, is the problem that I didn't realize you guys also bought vulns, and that you pay more? No, I had no idea that you did. I guess some better marketing is in order. The quarterly challenge thing is pretty good for publicity, maybe you guys should do one of those. BB
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE, (continued)
- Re: iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE Roman Medina-Heigl Hernandez (Jan 18)
- Re: iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE Simon Smith (Jan 18)
- Re: iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE Simon Smith (Jan 18)
- Re: iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE Simon Smith (Jan 18)
- Re: iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE Roman Medina-Heigl Hernandez (Jan 18)
- Re: iDefense Q-1 2007 Challenge -I WILL BUY FOR MORE Simon Smith (Jan 18)
- Re: iDefense Q-1 2007 Challenge Blue Boar (Jan 16)
- Re: iDefense Q-1 2007 Challenge K F (lists) (Jan 16)
- Re: iDefense Q-1 2007 Challenge Simon Smith (Jan 16)
- Re: iDefense Q-1 2007 Challenge Blue Boar (Jan 16)
- Re: iDefense Q-1 2007 Challenge Simon Smith (Jan 16)
- Re: iDefense Q-1 2007 Challenge Tim Newsham (Jan 17)
- Re: [_SUSPEKT] - Re: iDefense Q-1 2007 Challenge - Bayesian Filter detected spam Simon Smith (Jan 18)
- Re: iDefense Q-1 2007 Challenge ad () heapoverflow com (Jan 16)
- Re: iDefense Q-1 2007 Challenge K F (lists) (Jan 16)
- Re: iDefense Q-1 2007 Challenge Mark Sec (Jan 16)