Simon Smith wrote: > Blue Boar, > Simply put, and with all due respect, you're wrong. About? I see basically two assertions in my note; 1) that I would sell to iDefense or TippingPoint. Surely you're not going to tell me what I would do? And 2) That iDefense isn't doing the same thing that Blackhats are. Is the latter one the one you disagree with? > Furthermore I don't > appreciate you directly or indirectly suggesting that these exploits are > being sold on the black market, that will never happen on my watch, ever! If you look carefully, you'll see I was replying to Kevin, who did make a comparison to selling to blackhats. I hadn't even seen your note at the point, and I wasn't replying to you, and I didn't quote anything you wrote. So I assume you think I was saying that your company is selling to blackhats. I wouldn't think you were. Certainly you don't mean to claim that, in general, the entire market never sells to blackhats, nor that you have any control over what others do. > More importantly, the company that I am working with is no different > than iDefense. In fact, they both sell their exploits and harvested research > to the same people. The only real difference is in the amount of money that > the researcher realizes when the transactions are complete. This difference > is a direct result of low corporate overhead. > > Lastly, all transactions require that the researcher engage the company > that I work with in a tight contract. This contract ensures that both > parties are legitimate and also protects both parties. They don't do that on > the black market do they? So, is the problem that I didn't realize you guys also bought vulns, and that you pay more? No, I had no idea that you did. I guess some better marketing is in order. The quarterly challenge thing is pretty good for publicity, maybe you guys should do one of those. BB
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.