[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
Re: [CVEPRI] Handling new vulnerabilities discovered by Steve Christey
aleph1@securityfocus.com wrote:
>Given that people cannot make money from disclosing vulnerabilities
>(that would be called blackmail), other than desire of helping
>the world be a more secure place, credit is the only incentive people
>have to disclose vulnerabilities.
I see. At least someone's willing to be honest about what's
going on. So the whole purpose is as a means of marketing
oneself?
Am I the only person who finds this a rather thin, lame
justification?
>People need some type of remuneration for their work even if its not
>a financial one.
I see. Ego-gratification?
That's the reason I raised this issue. If folks are really
considering using cryptographic hashes and whatnot, just to
protect their ego-bragging rights, that seems like massive
technological overkill for what's really a social problem.
I.e.: "grow up, guys."
> Maybe you'd like to stop charging money for NFR, and
>if I recall correctly you weren't particularly trilled when people took
>copies of the firewall toolkit, your work, and sold it as a commercial
>product without giving you any credit.
There's no similarity at all. I sell a product. It has tangible
value. Not ego value, not marketing value.
>The world is such a cruel place.
It's only a cruel place if you're willing to tolerate such
behavior, Aleph.
mjr.
-----
Marcus J. Ranum
Chief Technology Officer, Network Flight Recorder, Inc.
Work: http://www.nfr.net
Personal: http://www.ranum.com