Home page logo
/

dailydave logo Dailydave mailing list archives

Re: Stuff you might have missed in the CANVAS Ecosystem
From: "Mohammad Hosein" <mhtajik () gmail com>
Date: Thu, 16 Oct 2008 12:10:15 +0330

most of the 0days - if not all - are targeting very rare software like Novel
stuff and when you buy Canvas you buy 3 month worth of updates not a year .
like Parity mentioned in his email i'd like the developers know that a more
flexible licensing model and price would help them with a new market consist
of freelancers and individuals who are in the pentest business and do not
have huge load of cash the same as they dont earn such money easy like a
company can do with an enterprise-grade pentest project .

On Thu, Oct 16, 2008 at 2:27 AM, Dean Pierce <piercede () pdx edu> wrote:

If they even listed the affected software, wouldn't the vendor just buy
up the module and fix the 0day?  It would be interesting to see a list
of older vulnerabilities, and maybe some mention their reliability just
to see how it stacks up against other exploitation frameworks.

Anyway, when you buy CANVAS, the most important thing you get is every
exploit they come up with for the next year, so not even the researchers
know what it is you are really buying.

   - DEAN

Speaking as a freelancer, this is a constant challenge for me.  Among the
research costs I can't really pass directly on to customers, there's stuff
like:

CanSec: ~ $1800.00  (Maybe if I wasn't too lazy to submit a talk...)
BinDiff: $1330
MSDN subscription: another couple grand

So instead of going to CanSec, I stick to the inexpensive conferences
(Shmoocon, Toorcon, etc).  And I buy MS products @ the MSFT company store as
needs require.  And I just do without cool stuff like Bindiff. :(

Anyway, I guess I'm chiming in here to suggest to Dragos & Halvar & others
that I'd love to buy their products / services, but paying full price is
just not economical for an indy player like myself.  They could easily
capture additional revenue from the little market segment that's made up of
guys like me (go read Joel Spolsky's essay on differential pricing called
Camels & Rubber Duckies for hints).  I'm not sure there's enough people in
my position to justify their going to the trouble, but I wish they would.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]