| 1 |
[multiple replies here] |
| 2 |
|
| 3 |
Daniel Brandt wrote: |
| 4 |
|
| 5 |
> I don't think jealosy has anything to do with it. But seeing how some |
| 6 |
> in the industry profit out of freely available exploit code and |
| 7 |
> original research, without giving either credit or some of the profit |
| 8 |
> back to the originators, I understand them. |
| 9 |
|
| 10 |
Understood. :) |
| 11 |
|
| 12 |
> How fun do you think it would be for a guy hacking away at some |
| 13 |
> exploit code in his dormroom for free, only to discover it the |
| 14 |
> next day in an advisory. That would piss me off badly. |
| 15 |
|
| 16 |
Are you pissed because someone stole your work? Or are you pissed |
| 17 |
because someone else found the flaw faster than you? In the scenario you |
| 18 |
describe above, it sounds like someone else found the flaw before you |
| 19 |
and there was no mal intent against you. |
| 20 |
|
| 21 |
> When security companies get tired of trying to be the |
| 22 |
> first to announce an advisory, it might even become a nice place again. |
| 23 |
|
| 24 |
With the money to be made pushing "security solutions", I wouldn't hold |
| 25 |
my breath. :) |
| 26 |
|
| 27 |
Florian Weimer wrote: |
| 28 |
|
| 29 |
> However, I'm sure that most of this rediscovery is truly indepedent. |
| 30 |
|
| 31 |
According to NISCC's website, Steve Bellovin and Rob Thomas helped with |
| 32 |
the advisory. I would hope that both people knew about the original ISN |
| 33 |
problems. Why would they help rehash old news? Profit? I would hope not. |
| 34 |
Fame? Steve and Rob are well known in the network security field. |
| 35 |
|
| 36 |
BTW, I appreciate this discussion with everyone. I have been following |
| 37 |
the same discussions on other mailing list and this one seems to be the |
| 38 |
most level-headed without any ego. :) |
| 39 |
|
| 40 |
Devon |
| 41 |
|
| 42 |
-- |
| 43 |
gentoo-security@g.o mailing list |
Archives