Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Office 0day
From: "secure poon" <suckure () gmail com>
Date: Mon, 25 Jun 2007 13:18:42 -0700

*Proposition*

Microsoft is a 280+ billion dollar corporation. Why don't/can't they have a
standard ransom fee for security flaws?

0day Remote OS flaw: $1,000,000
0day  IE explorer flaws that give administrative shells: $200,000
0day (other flaws) that affect other products (ie office): $200,000
etc..(these fees could be much higher)

Provided the person who discovered the vulnerability gives a full working
patch, Then Microsoft could patch the hole right away and people could
update. (yes i know lots of people don't update but at least it is a start,
and then legally they would be so liable). Maybe this concept isint new and
I am just in the dark about it.

*Question*
**
Why does'nt Microsoft (or any company) do this? And also has Microsoft ever
been held criminaly liable for negligence in a criminal case for not
patching a flaw leading to a security breach? Or is there team of lawyers
just to much for any normal person?




On 6/25/07, Kradorex Xeron <admin () digibase ca> wrote:

On Sunday 24 June 2007 16:19, toto.toto () webmail co za wrote:
> I can't give detail here

Isn't  this list called "full-disclosure"? - in otherwords: If you aren't
going to disclose anything: DON'T post that you "have something". This
list
is designed specifically for disclosing (and discussing on the occasion)
vulnerabilities, problems, etc to the entire community at once, not just
selectively who you choose (i.e. who buys your "0day").

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]