Vulnerability Development mailing list archives
RE: 0-day exploit..do i hear $1000?
From: Scoubidou <scoubi-bugtraq () altern org>
Date: Thu, 18 Oct 2001 16:30:34 -0400
At 11:28 AM 10/18/01 -0700, Don Weber wrote:
say 25000$ in a trust fund which has a panel of lets say 20 judges from the security industry, then after money is confirmed deposited to fund, hacker tells company what the problem is, company writes/releases patch, panel of Judges then read the reports on do whatever testing they themselves think necessary, and as a result vote on how much of the 25k is awarded to the
What about freeware? GPL? and other? How those person are suppose to give 25k to a hacker? Just think of OpenBSD or any other free OS. If you ever find a security problem in OpenBSD I'm sure they'll be happy to fix it quite quick. But I don't see how they'll be able to pay you... I don't think seling OpenBSD and OpenSSH t-shirts give them a lot of money. Same thing with the people who write .cgi or other web goodies. They do that in there spare time and share it with the comunity to save you the time they took to build their products. Still I realy don't understand how those person would be able to pay you money for a bug. Another thing is: Where they are suppose to find the money to hire 20 judges? For what I understand your mail was aiming mostly at M$. I'm not a M$ fan, but I don't belive it will be faire that they have to pay if other don't just beacause they have a more money. Just my .02ยข
Current thread:
- 0-day exploit..do i hear $1000? RT (Oct 18)
- Re: 0-day exploit..do i hear $1000? Jonathan M. Smith (Oct 18)
- Re: 0-day exploit..do i hear $1000? Fyodor (Oct 18)
- Message not available
- RE: 0-day exploit..do i hear $1000? Scoubidou (Oct 18)
- Re: 0-day exploit..do i hear $1000? Joe G. (Oct 18)
- RE: 0-day exploit..do i hear $1000? Ron DuFresne (Oct 18)
- RE: 0-day exploit..do i hear $1000? Scoubidou (Oct 18)
- Re: 0-day exploit..do i hear $1000? dullien (Oct 19)
- <Possible follow-ups>
- Re: 0-day exploit..do i hear $1000? rain forest puppy (Oct 18)
- Re: 0-day exploit..do i hear $1000? RT (Oct 18)
- RE: 0-day exploit..do i hear $1000? Steve (Oct 18)
- RE: 0-day exploit..do i hear $1000? (a net admins 2 cents) leon (Oct 20)
- Re: 0-day exploit..do i hear $1000? security curmudgeon (Oct 20)
- Re: 0-day exploit..do i hear $1000? bacano (Oct 21)
- Re: 0-day exploit..do i hear $1000? RT (Oct 18)