|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [CVEPRI] Handling new vulnerabilities discovered by Steve Christey
- To: "Marcus J. Ranum" <mjr@nfr.net>
- Subject: Re: [CVEPRI] Handling new vulnerabilities discovered by Steve Christey
- From: aleph1@securityfocus.com
- Date: Thu, 21 Sep 2000 09:41:33 -0700
- Cc: Adam Shostack <adam@HOMEPORT.ORG>, "Steven M. Christey" <coley@linus.mitre.org>, cve-editorial-board-list@lists.mitre.org
- Delivery-Date: Thu Sep 21 12:45:29 2000
- In-Reply-To: <4.3.1.2.20000921094157.00a87870@fraggle.nfr.net>; from mjr@NFR.NET on Thu, Sep 21, 2000 at 09:43:09AM -0400
- References: <200009210010.UAA29952@teagarden.mitre.org> <200009210010.UAA29952@teagarden.mitre.org> <20000921093619.A11255@weathership.homeport.org> <4.3.1.2.20000921094157.00a87870@fraggle.nfr.net>
* Marcus J. Ranum (mjr@NFR.NET) [000921 16:29]: > At 09:36 AM 9/21/00 -0400, Adam Shostack wrote: > >Alice discovers a vulnerability, and wants to tell Bob, but thinks Bob > >may steal it. > > > If I understand correctly, the concern is that someone might > "steal" the "credit" for disclosing something? So is this just > an exercise in protecting marketing rights to see who gets to > publicly count coup on a vendor? Given that people cannot make money from disclosing vulnerabilities (that would be called blackmail), other than desire of helping the world be a more secure place, credit is the only incentive people have to disclose vulnerabilities. People need some type of remuneration for their work even if its not a financial one. Maybe you'd like to stop charging money for NFR, and if I recall correctly you weren't particularly trilled when people took copies of the firewall toolkit, your work, and sold it as a commercial product without giving you any credit. The world is such a cruel place. > mjr. > > ----- > Marcus J. Ranum > Chief Technology Officer, Network Flight Recorder, Inc. > Work: http://www.nfr.net > Personal: http://www.ranum.com -- Elias Levy SecurityFocus.com http://www.securityfocus.com/ Si vis pacem, para bellum
- Follow-Ups:
- Re: [CVEPRI] Handling new vulnerabilities discovered by Steve Christey
- From: "Marcus J. Ranum" <mjr@nfr.net>
- Re: [CVEPRI] Handling new vulnerabilities discovered by Steve Christey
- References:
- [CVEPRI] Handling new vulnerabilities discovered by Steve Christey
- From: "Steven M. Christey" <coley@linus.mitre.org>
- Re: [CVEPRI] Handling new vulnerabilities discovered by Steve Christey
- From: Adam Shostack <adam@homeport.org>
- Re: [CVEPRI] Handling new vulnerabilities discovered by Steve Christey
- From: "Marcus J. Ranum" <mjr@nfr.net>
- [CVEPRI] Handling new vulnerabilities discovered by Steve Christey
- Prev by Date: Vulnerability discovery credits, vendor acknoweldgement, and CVE
- Next by Date: Re: Vulnerability discovery credits, vendor acknoweldgement, and CVE
- Prev by thread: Re: [CVEPRI] Handling new vulnerabilities discovered by Steve Christey
- Next by thread: Re: [CVEPRI] Handling new vulnerabilities discovered by Steve Christey
- Index(es):