Re: TippingPoint's 'Zero-Day Initiative' to Publish Unpatched Flaws

["ric k" <cygnus.0ff () gmail com>]

i simply see this as a desperate attempt by TippingPoint to look like a sec
company. that's all nothing else. u can sell security products only when
people trust that u understand security/vulns and TippingPoint seems to be
'cleverly' outsourcing sec research to others :))

smart move, but this don't impress (atleast me) much. there must be so many
attacks on the wild, how much does it really matter if u block some Crystal
Reports/AOL 0day? lol

anyway this atleast pays some $$ to all those vuln researchers (who actually
disclose stuff to guys like TP and idefense!!!!), so u may actually take on
vuln research without working for some company and earn some $$ while at
home.

-cyg

On 8/29/06, Michal Zalewski <lcamtuf () dione ids pl> wrote:
> On Mon, 28 Aug 2006, Josh Bressers wrote:
>
> > What does this practice accomplish though?  As an outsider it seems that
> > the goal here is to frighten people into purchasing your service lest
> they
> > be compromised.
>
> Of course; that's what many companies do. The side effect is coercing
> vendors into fixing problems faster, when bugged by a couple of reporters
> too.
>
> /mz
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.