Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
RE: [Dailydave] Announcing the Zero Day Initiative
From: David Endler (dendlertippingpoint.com)
Date: Mon Jul 25 2005 - 08:06:25 CDT
By our own standards, 3Com cannot use any vulnerability information or report it to anyone until it is officially purchased. We have more to lose from a trust and legal standpoint:
"If an offer is not made or an offer is made but not accepted by the researcher, the vulnerability information will remain the property of the researcher and will not be used in the Zero Day Initiative (ZDI) program."
From: Halvar Flake [mailto:HalVargmx.de]
Sent: Monday, July 25, 2005 7:51 AM
To: David Endler
Subject: Re: [Dailydave] Announcing the Zero Day Initiative
I have a question regarding the program:
Let's assume for some reason the ZDI's bid is too low, what happens with the information ? Is there any guarantee that ZDI does not pass the submitted information to software vendors and/or government organisations without having paid ? It's going to be very tricky to legally enforce security problems as IP.
5 GB Mailbox, 50 FreeSMS http://www.gmx.net/de/go/promail
+++ GMX - die erste Adresse f�r Mail, Message, More +++
Dailydave mailing list