Re: [CVEPRI] Handling new vulnerabilities discovered by Steve Christey
>Given that people cannot make money from disclosing vulnerabilities
>(that would be called blackmail), other than desire of helping
>the world be a more secure place, credit is the only incentive people
>have to disclose vulnerabilities.
I see. At least someone's willing to be honest about what's
going on. So the whole purpose is as a means of marketing
Am I the only person who finds this a rather thin, lame
>People need some type of remuneration for their work even if its not
>a financial one.
I see. Ego-gratification?
That's the reason I raised this issue. If folks are really
considering using cryptographic hashes and whatnot, just to
protect their ego-bragging rights, that seems like massive
technological overkill for what's really a social problem.
I.e.: "grow up, guys."
> Maybe you'd like to stop charging money for NFR, and
>if I recall correctly you weren't particularly trilled when people took
>copies of the firewall toolkit, your work, and sold it as a commercial
>product without giving you any credit.
There's no similarity at all. I sell a product. It has tangible
value. Not ego value, not marketing value.
>The world is such a cruel place.
It's only a cruel place if you're willing to tolerate such
Marcus J. Ranum
Chief Technology Officer, Network Flight Recorder, Inc.