[Full-disclosure] We're now paying up to $20, 000 for web vulns in our services
Ramon de C Valle
rcvalle at redhat.com
Tue Apr 24 20:13:05 BST 2012
> > IMHO, anyone who willingly, knowingly places customer data at risk
> > by inviting attacks on their production systems is playing a very
> > dangerous game. There is no guarantee that a vuln discovered by a
> > truly honest researcher couldn't become a weapon for the dishonest
> > "researcher" through secondary discovery
>
> I'm not sure I follow. Are you saying that the dishonest researcher
> will not try to find vulnerabilities if there is no reward program
> for
> the honest ones?
He made a good example of a Slippery Slope.
--
Ramon de C Valle / Red Hat Product Security Team
Full-Disclosure is hosted and sponsored by Secunia.