Full Disclosure mailing list archives

Re: The Auction Site made Forbes.


From: bugtraq () cgisecurity net
Date: Mon, 9 Jul 2007 18:23:49 -0400 (EDT)

In a way a larger company (beyond idefense/tippingpoint) getting involved will be to our advantage. 
There hasn't been a high profile lawsuit against a vuln researcher for finding and selling an 0day
at this point (that I can think of) and it's only a matter of time before it happens. A company with a closed 
source product can claim EULA agreement violations as well as IP violations. While they may not 
win the lawsuit they will punish you with lawyer fees, potentially bankrupting you, and I'd rather not 
be the one to test the theory.

By working with an established company as a researcher you may be offered some sort of legal protection 
provided by the terms of the agreement with the company you're selling it to, if said vulnerable company came 
after you.                          

Regards,
- Robert
http://www.cgisecurity.com/ Website and Application security news         
http://www.webappsec.org/ The Web Application Security Consortium 


Hadn't thought about it that way... ;]

Let the fun begin.


On 7/9/07 4:25 PM, "Valdis.Kletnieks () vt edu" <Valdis.Kletnieks () vt edu>
wrote:

On Mon, 09 Jul 2007 15:50:16 EDT, Simon Smith said:
Guys,  
    Thought you might like to see this:

http://www.forbes.com/home/security/2007/07/06/security-software-hacking-tech-security-cx_ag_0706vulnmarket.html

Just fsck'ing great.  Now we'll have venture capitalists and arbitrage
specialists and all that ilk wanting a piece of the action.  You thought this
was all morally murky *before*, you ain't seen nothing yet. :)



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

