Dailydave mailing list archives

Re: Lap Dances for All
From: Adam Shostack <adam () homeport org>
Date: Thu, 3 Mar 2005 14:15:51 -0500

On Thu, Mar 03, 2005 at 02:40:18PM -0500, Chris Wysopal wrote:
| 
| 
| On Thu, 3 Mar 2005 surreal () delusory org wrote:
| 
| > Does the NDA, or anything other than pride, prevent Microsoft from
| > joining the VSC and addressing these "tactical nukes" as they're
| > deployed? If so, it would be magnanimous to offer MS a special license
| > at a reasonable price ($300K too cheap?) that would allow them to share
| > the vulnerabilities internally and address them.
| 
| I imagine that Microsoft doesn't want to join a VSC to get vulnerability
| information as that would set a precedent with the ultimate result being
| 200 VSCs, each with one researcher contributing and charging ever higher
| membership fees.

But wouldn't that protect their customers better? 

This may sound like sarcasm, but if Microsoft believes that customers
are better protected when vulns are not made public, then perhaps they
should bid on exclusivity in new vuln information.  Competition
between buyers may drive prices up for a while, but 0day that gets
distributed will create competition between sellers, driving price
back down.

This would also create pressure on the discoverers of 0day to disclose
it sooner.  Admittedly, it might burn some to be paying researcher
salaries, but think about the tradeoff.

Adam
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

