Dailydave mailing list archives

Re: No more free bugs (and WOOT)


From: Sebastian Krahmer <krahmer () suse de>
Date: Thu, 9 Apr 2009 11:12:44 +0200


No more free bucks?

On Wed, Apr 08, 2009 at 11:17:29AM -0500, Charles Miller wrote:

> Hi everybody.
>
> You may have heard some about the No More Free Bugs campaign
> (http://blog.trailofbits.com/2009/03/22/no-more-free-bugs/)
> Basically, it is the chance for researchers to unite to get paid
> for the hard work we do.  As long as folks continue to give bugs to

The hard work we do? Are you kidding? :)
I see dozens of unimportant "bugs" and advisories each day. Some of them
mentioning things I've thrown away during an audit b/c I thought
nobody will ever be interested in it, not to mention even pay
for such silliness.
I have a different opinion for closed source products, but for open
and free software, it's fair to give them "free bugs".
Nobody forces you to disclose your sshd 0day, but if it's only about the bucks,
we will end up in a weird even more insecure world since ppl are hunting down
bugs in software that offers most profit and developers waiting with bug-reports
until products are released so they can earn money for a report instead of
fixing things right away. Early fixing and correct software becomes a money-loss
and so you will have plenty of buggy services running.

regards,
Sebastian



-- 
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

