mailing list archives
Re: Office 0day
From: Jared DeMott <demottja () msu edu>
Date: Mon, 25 Jun 2007 16:30:43 -0400
secure poon wrote:
Microsoft is a 280+ billion dollar corporation. Why don't/can't they
have a standard ransom fee for security flaws?
0day Remote OS flaw: $1,000,000
0day IE explorer flaws that give administrative shells: $200,000
0day (other flaws) that affect other products (ie office): $200,000
etc..(these fees could be much higher)
Provided the person who discovered the vulnerability gives a full
working patch, Then Microsoft could patch the hole right away and
people could update. (yes i know lots of people don't update but at
least it is a start, and then legally they would be so liable). Maybe
this concept isint new and I am just in the dark about it.
Why does'nt Microsoft (or any company) do this? And also has
Microsoft ever been held criminaly liable for negligence in a criminal
case for not patching a flaw leading to a security breach? Or is there
team of lawyers just to much for any normal person?
All I can say is AMEN. Having to sell to TPs, iDefs, and Nation States
is so much more painful.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: Office 0day Jared DeMott (Jun 25)