Secure Coding mailing list archives
Disclosure: vulnerability pimps? or super heroes?
From: BlueBoar at thievco.com (Blue Boar)
Date: Tue, 27 Feb 2007 15:32:06 -0800
J. M. Seitz wrote:
On a related note, does anyone have an example where Company A was disclosing vulnerabilities about competing Company B's product and got into trouble over it? Is this something that could be litigated?
In fact, Tom Ptacek found a hole in one of Marcus' products while working for a competitor. I suspect Tom reported it properly, though. This research pissed MJR off to no end, which he made clear at one Black Hat talk he gave, with Tom standing at the back of the room. I suspect this was a key point in MJR's life when his code got touched in an inappropriate way, and has led to his current level of curmudgeonry. Or, for a more contemporary example, witness Symantec researchers looking for holes in just about everything. I fail to see any merit for a legitimate lawsuit. Of course, in the US, you can sue whomever you please. BB
Current thread:
- Disclosure: vulnerability pimps? or super heroes? Gary McGraw (Feb 27)
- Disclosure: vulnerability pimps? or super heroes? J. M. Seitz (Feb 27)
- Disclosure: vulnerability pimps? or super heroes? Blue Boar (Feb 27)
- Disclosure: vulnerability pimps? or super heroes? Steven M. Christey (Mar 05)
- Disclosure: vulnerability pimps? or super heroes? Stuart Moore (Mar 05)
- Disclosure: vulnerability pimps? or super heroes? Michael Silk (Feb 27)
- <Possible follow-ups>
- Disclosure: vulnerability pimps? or super heroes? Gary McGraw (Mar 05)
- Disclosure: vulnerability pimps? or super heroes? Kenneth Van Wyk (Mar 06)
- Disclosure: vulnerability pimps? or super heroes? Blue Boar (Mar 06)
- Disclosure: vulnerability pimps? or super heroes? Steven M. Christey (Mar 06)
- Disclosure: vulnerability pimps? or super heroes? Steven M. Christey (Mar 06)
- Disclosure: vulnerability pimps? or super heroes? Kenneth Van Wyk (Mar 06)
- Disclosure: vulnerability pimps? or super heroes? J. M. Seitz (Feb 27)