[multiple replies here]

Daniel Brandt wrote:

> I don't think jealousy has anything to do with it. But seeing how some
> in the industry profit out of freely available exploit code and
> original research, without giving either credit or some of the profit
> back to the originators, I understand them.

Understood. :)

> How fun do you think it would be for a guy hacking away at some
> exploit code in his dormroom for free, only to discover it the
> next day in an advisory. That would piss me off badly.

Are you pissed because someone stole your work? Or are you pissed
because someone else found the flaw faster than you? In the scenario you
describe above, it sounds like someone else found the flaw before you
and there was no mal intent against you.

> When security companies get tired of trying to be the
> first to announce an advisory, it might even become a nice place again.

With the money to be made pushing "security solutions", I wouldn't hold
my breath. :)

Florian Weimer wrote:

> However, I'm sure that most of this rediscovery is truly independent.

According to NISCC's website, Steve Bellovin and Rob Thomas helped with
the advisory. I would hope that both people knew about the original ISN
problems. Why would they help rehash old news? Profit? I would hope not.
Fame? Steve and Rob are well known in the network security field.

BTW, I appreciate this discussion with everyone. I have been following
the same discussions on other mailing lists and this one seems to be the
most level-headed without any ego. :)

Devon

--
gentoo-security@g.o mailing list