Re: [Full-disclosure] iDefense Q-1 2007 Challenge

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Well, 
    I guess that miscommunication sums it up and I apologize (publicly) for
being such a snappy brat. For the record though, this isn't something that
the company markets at all. We've been doing this for a while and are very
selective about who we work with. Hence, why there is no real marketing.

    I wanted to test the waters and see what kind of response I could get
from the community. So far, its been very interesting.


On 1/16/07 3:06 PM, "Blue Boar" <BlueBoar@xxxxxxxxxxx> wrote:

> Simon Smith wrote:
>> Blue Boar, 
>>     Simply put, and with all due respect, you're wrong.
> 
> About? I see basically two assertions in my note; 1) that I would sell
> to iDefense or TippingPoint. Surely you're not going to tell me what I
> would do? And 2) That iDefense isn't doing the same thing that Blackhats
> are. Is the latter one the one you disagree with?
> 
>> Furthermore I don't
>> appreciate you directly or indirectly suggesting that these exploits are
>> being sold on the black market, that will never happen on my watch, ever!
> 
> If you look carefully, you'll see I was replying to Kevin, who did make
> a comparison to selling to blackhats. I hadn't even seen your note at
> the point, and I wasn't replying to you, and I didn't quote anything you
> wrote.
> 
> So I assume you think I was saying that your company is selling to
> blackhats. I wouldn't think you were. Certainly you don't mean to claim
> that, in general, the entire market never sells to blackhats, nor that
> you have any control over what others do.
> 
>>     More importantly, the company that I am working with is no different
>> than iDefense. In fact, they both sell their exploits and harvested research
>> to the same people. The only real difference is in the amount of money that
>> the researcher realizes when the transactions are complete. This difference
>> is a direct result of low corporate overhead.
>> 
>>     Lastly, all transactions require that the researcher engage the company
>> that I work with in a tight contract. This contract ensures that both
>> parties are legitimate and also protects both parties. They don't do that on
>> the black market do they?
> 
> So, is the problem that I didn't realize you guys also bought vulns, and
> that you pay more? No, I had no idea that you did. I guess some better
> marketing is in order. The quarterly challenge thing is pretty good for
> publicity, maybe you guys should do one of those.
> 
> BB
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux