[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [CVEPRI] Handling new vulnerabilities discovered by Steve Christey



At 2:19 PM -0400 9/21/00, Marcus J. Ranum wrote:
>aleph1@securityfocus.com wrote:
>>Given that people cannot make money from disclosing vulnerabilities
>>(that would be called blackmail), other than desire of helping
>>the world be a more secure place, credit is the only incentive people
>>have to disclose vulnerabilities.
>
>I see. At least someone's willing to be honest about what's
>going on. So the whole purpose is as a means of marketing
>oneself?
>
>Am I the only person who finds this a rather thin, lame
>justification?

I think that you are.  Humans like to have pride in what they do, whether it's a hobby or work.  It's a sad thing if they don't get any.  Personnally I think that having pride in cracking a puzzle is much more commendable than being proud of having memorized the statistics of some sports team or answers to some trivia.  Moreover the solutions have value, contrarily to what you implied.  I don't do what I do just for money -- if I did that would make me a whore.

I think that we spent enough bandwidth on this -- that's how people are, whether you like it or not.  Please email me and Aleph privately if you want to continue this discussion.

Pascal

Page Last Updated or Reviewed: May 22, 2007