Re: [CVEPRI] Handling new vulnerabilities discovered by Steve Christey
* Marcus J. Ranum (mjr@NFR.NET) [000921 16:29]:
> At 09:36 AM 9/21/00 -0400, Adam Shostack wrote:
> >Alice discovers a vulnerability, and wants to tell Bob, but thinks Bob
> >may steal it.
> >
>
> If I understand correctly, the concern is that someone might
> "steal" the "credit" for disclosing something? So is this just
> an exercise in protecting marketing rights to see who gets to
> publicly count coup on a vendor?

Given that people cannot make money from disclosing vulnerabilities (that would be called blackmail), other than desire of helping the world be a more secure place, credit is the only incentive people have to disclose vulnerabilities. People need some type of remuneration for their work even if it's not a financial one.

Maybe you'd like to stop charging money for NFR, and if I recall correctly you weren't particularly thrilled when people took copies of the firewall toolkit, your work, and sold it as a commercial product without giving you any credit. The world is such a cruel place.

> mjr.
>
> -----
> Marcus J. Ranum
> Chief Technology Officer, Network Flight Recorder, Inc.
> Work: http://www.nfr.net
> Personal: http://www.ranum.com

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum