RE: Announcing the Zero Day Initiative

["Andrew R. Reiter" <arr () watson org>]

Will that _seriously_ stand up in court; given that this is taking place 
in the USA, a USA court?

On Mon, 25 Jul 2005, David Endler wrote:

:Hey Halvar,
:
:By our own standards, 3Com cannot use any vulnerability information or report it to anyone until it is officially 
purchased.  We have more to lose from a trust and legal standpoint:
:
:http://www.zerodayinitiative.com/benefits.html
:
:"If an offer is not made or an offer is made but not accepted by the researcher, the vulnerability information will 
remain the property of the researcher and will not be used in the Zero Day Initiative (ZDI) program."
:
:-dave
:
:-----Original Message-----
:From: Halvar Flake [mailto:HalVar () gmx de] 
:Sent: Monday, July 25, 2005 7:51 AM
:To: David Endler
:Cc: dailydave () lists immunitysec com
:Subject: Re: [Dailydave] Announcing the Zero Day Initiative
:
:Hey all,
:
:I have a question regarding the program:
:
:Let's assume for some reason the ZDI's bid is too low, what happens with the information ? Is there any guarantee that 
ZDI does not pass the submitted information to software vendors and/or government organisations without having paid ? 
It's going to be very tricky to legally enforce security problems as IP. 
:
:CHeers,
:Halvar
:
:--
:5 GB Mailbox, 50 FreeSMS http://www.gmx.net/de/go/promail
:+++ GMX - die erste Adresse f�r Mail, Message, More +++
:_______________________________________________
:Dailydave mailing list
:Dailydave () lists immunitysec com
:https://lists.immunitysec.com/mailman/listinfo/dailydave
:
:

--
Andrew R. Reiter
arr () watson org

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave