[39973] in bugtraq
Re: 3Com launches vulnerability-buying program
daemon@ATHENA.MIT.EDU (Matt Palmer)
Thu Jul 28 13:51:17 2005
Date: Wed, 27 Jul 2005 12:23:58 +1000
From: Matt Palmer <mpalmer@hezmatt.org>
To: bugtraq@securityfocus.com
Message-ID: <20050727022358.GD17810@localhost.localdomain>
Mail-Followup-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="yLVHuoLXiP9kZBkt"
Content-Disposition: inline
In-Reply-To: <IK6SEF$A665F60DE646594707C2DED522A5C811@aucegypt.edu>
--yLVHuoLXiP9kZBkt
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Jul 25, 2005 at 02:03:51PM +0000, Ghaith Nasrawi wrote:
> as it was announced few minutes ago that "3Com launches
> vulnerability-buying program" (through TippingPoint, a company 3Com
> acquired earlier this year)
>=20
> http://www.securityfocus.com/news/11253
> http://www.zerodayinitiative.com/
>=20
> so what do you think about this step? Obviously, they are trying to
> fight public disclosure of security vunl's (that why bugtraq exists)
> and buy the information so they can have 0day signatures to
> TippingPoint IPS solution.
It's probably pretty good for TippingPoint customers. Seems pretty
reasonable from a commercial point-of-view -- if enough extra people buy the
software to offset the cost of the purchases, then it's a win for 3Com. I
doubt that they'll be offering the sort of money that is going to make a
real clueful zombiemaster roll over and play ball, however, so in the same
way that paying police informants hasn't eradicated crime, I don't think
this is going to be a solution to the problem. It's an interesting take on
the situation, though.
- Matt
--yLVHuoLXiP9kZBkt
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFC5vA+BEnrTWk1E4cRAnwGAJ4i2o/f+P63PBxN6RPMBA/ohzLRXQCfcgzV
y6Auy2S7gAVMVzdh39KAxEc=
=f7Ol
-----END PGP SIGNATURE-----
--yLVHuoLXiP9kZBkt--
