Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re[2]: [Full-disclosure] Our Industry Is Seriously Ethics Impaired

from [phased] Network Security [Permanent Link]
Subject: Re[2]: [Full-disclosure] Our Industry Is Seriously Ethics Impaired
Date: Wed, 27 Jul 2005 17:49:56 +0400 
They could just as easily be harbouring a massive 0day arsenal for the us gov
to attack other countries.

-----Original Message-----
From: Adam Jones <ajones1@gmail.com>
To: 
Date: Wed, 27 Jul 2005 08:15:33 -0500
Subject: Re: [Full-disclosure] Our Industry Is Seriously Ethics Impaired


What exactly is wrong with this? I personally would rather have 3com
buying up exploits (probably under an agreement for exclusive access)
instead of having them sold to the highest, probably malicious,
bidder. Even if someone sells it to both there is a more reputable
group that has the exploit and can help with mitigation.

- Adam
On 7/26/05, J.A. Terranson <measl@mfn.org> wrote:


Yet another voice baying at the moon.

--
Yours,

J.A. Terranson
sysadmin@mfn.org
0xBD4A95BF


"A stock broker is someone who handles your money until its all gone."
Diana Hubbard (of Scientology fame)

-----------------------------------------------------------------------

http://informationweek.com/story/showArticle.jhtml?articleID=166402192

3Com Rewards 'Responsible' Disclosure Of Security Flaws   July 25, 2005
EMAIL THIS ARTICLE
PRINT THIS ARTICLE
DISCUSS THIS ARTICLE WRITE TO AN EDITOR



The company is planning to reward security researchers who reveal
information on newly discovered vulnerabilities.
By John Walko
EE Times



LONDON . Data networking group 3Com is planning to reward security
researchers who reveal information on newly discovered vulnerabilities as
part of an initiative run by its TippingPoint division.

The so called .Zero Day Initiative. is aimed at ensuring the 'responsible'
disclosure of security flaws in order to make technology more secure for
all users. The goal is to proactively protect businesses against newly
discovered vulnerabilities.

According to 3Com, many security researchers want to be recognized for
their discovery, but they don't always achieve that in a responsible
manner. Instead, and all too often, they post the potentially harmful
information publicly, catching businesses and vendors off-guard and
unprotected.

The initiative will recognize researchers for the discovery when the
vulnerability is publicly disclosed with the vendor's patch.

3Com will notify affected vendors of security flaws so they can
immediately begin working on a solution, most often in the form of a
patch. The vulnerabilities will only be disclosed publicly once the
affected vendor is able to offer a solution to end users, mitigating the
threat.

Providing pre-emptive protection will be done through 3Com subsidiary
TippingPoint.s Digital Vaccine service.

The company stressed it would share vulnerability details freely with
other security vendors prior to public disclosure.

3Com CTO Marc Willebeek-LeMair said the initiative would ultimately
benefit everyone in the industry: security and technology vendors,
security researchers and end users.

Vulnerabilities enable attackers to gain control of a system for malicious
purposes. They can also result in worms or Denial of Service attacks,
which can bring down entire networks.

Zero day disclosure occurs when the discoverer of the vulnerability
discloses the flaw to the public without notifying the vendor, putting
businesses at risk from the time of disclosure until the affected vendor
issues a patch. It can take vendors weeks or months to supply a patch.

David Endler, Director of Security Research for 3Com's TippingPoint
division, said: "This program will extend our research organization even
further, and enable us to tap some of the most brilliant minds in the
global security research community..

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Our Industry Is Seriously Ethics Impaired, Etaoin Shrdlu
Next by Date:  Re: [Full-disclosure] Beware trojaned exploits!, str0ke
Previous by Thread:  Re: [Full-disclosure] Our Industry Is Seriously Ethics Impaired, Etaoin Shrdlu
Next by Thread:  Re: [Full-disclosure] Our Industry Is Seriously Ethics Impaired, J.A. Terranson
Indexes:  [Date] [Thread] [Top] [All Lists]