RE: Researchers seek cash for software flaws - Yahoo! News

Topic: Miscellaneous 6:47 pm EDT, Jul 23, 2007

freakn wrote:
Don't wanna give away vulns for free? Try auctioning to the newly formed market.

Try being the operative word. While WabiSabiLabi has gotten lots of press over the past few weeks, there are only 5 vulnerabilities there, four of which were there when I first heard about the site. Two have apparently been purchased. There has been a public effort to reverse engineer at least one of the bugs based solely on the title description. The problems are:

1. If you put something serious up for auction the security community would react immediately, and they may react by auditing instead of purchasing. A day of auditing costs less than $10,000.

2. You have to sell to the highest bidder, even if the highest bidder is Osama Bin Laden. This takes all of the ethics out of the practice.

I think this has mostly just been an occasion for various people in the industry to express their views on more serious efforts such as those pursued by TippingPoint and iDefense. You can sell them bugs. WabiSabiLabi is not serious until it's serious. In any event, I don't really think it's possible to sustain oneself as a researcher on money made this way. If you find something, you might make some bucks off of it, but you aren't going to find enough on a regular basis to keep a roof over your head.
