arent we already there?<br><br><div class="gmail_quote">On Fri, Apr 4, 2008 at 11:47 AM, Jason <<a href="mailto:security@brvenik.com">security@brvenik.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
We are now close to this space being full circle. The next step is that<br>
the researchers will offer the vendor a chance to compete for the<br>
information on the vuln IP market and as a result winning vendors can<br>
choose to keep it to themselves...<br>
<br>
Yep, Microsoft has won and we will soon be back to non-disclosure all<br>
around.<br>
<div class="Ih2E3d"><br>
Micheal Cottingham wrote:<br>
> I too have participated in ZDI as a researcher. It is a very good<br>
> program, and both the company and the researcher get what they want<br>
> out of the process. The company gets the time to fix the vulnerability<br>
> before everybody else finds out, and the researcher gets the<br>
> recognition (and some money) for their work. It is a win-win<br>
> situation.<br>
><br>
> On Fri, Apr 4, 2008 at 10:28 AM, Ureleet <<a href="mailto:ureleet@gmail.com">ureleet@gmail.com</a>> wrote:<br>
>> ive dealt a bit with tipping point and their zdi. how about you learn how<br>
>> it works first, the come back and criticize it? you obviously dont<br>
>> understand the contest at cansecwest, or how zdi plays into it. i was<br>
>> there, it was a good conf.<br>
>><br>
>> but you need to learn how it works before you go ranting about it....<br>
>> again...<br>
>><br>
>><br>
<br>
</div><div><div></div><div class="Wj3C7c">_______________________________________________<br>
Full-Disclosure - We believe in it.<br>
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>
Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br>
</div></div></blockquote></div><br>