Re: [Dailydave] Stuff you might have missed in the CANVAS Ecosystem

From: Mohammad Hosein (mhtajikgmail.com)
Date: Thu Oct 16 2008 - 03:40:15 CDT


Most of the 0days, if not all, are targeting very rare software like Novell
stuff, and when you buy CANVAS you buy 3 months' worth of updates, not a year.
Like Parity mentioned in his email, I'd like the developers to know that a more
flexible licensing model and price would help them with a new market consisting
of freelancers and individuals who are in the pentest business and do not
have a huge load of cash, as they don't earn such money as easily as a
company can with an enterprise-grade pentest project.

On Thu, Oct 16, 2008 at 2:27 AM, Dean Pierce <piercedepdx.edu> wrote:

> If they even listed the affected software, wouldn't the vendor just buy
> up the module and fix the 0day? It would be interesting to see a list
> of older vulnerabilities, and maybe some mention of their reliability, just
> to see how it stacks up against other exploitation frameworks.
>
> Anyway, when you buy CANVAS, the most important thing you get is every
> exploit they come up with for the next year, so not even the researchers
> know what it is you are really buying.
>
> - DEAN
>
> Speaking as a freelancer, this is a constant challenge for me. Among the
> research costs I can't really pass directly on to customers, there's stuff
> like:
>
> CanSec: ~ $1800.00 (Maybe if I wasn't too lazy to submit a talk...)
> BinDiff: $1330
> MSDN subscription: another couple grand
>
> So instead of going to CanSec, I stick to the inexpensive conferences
> (Shmoocon, Toorcon, etc). And I buy MS products at the MSFT company store as
> needs require. And I just do without cool stuff like BinDiff. :(
>
> Anyway, I guess I'm chiming in here to suggest to Dragos & Halvar & others
> that I'd love to buy their products / services, but paying full price is
> just not economical for an indy player like myself. They could easily
> capture additional revenue from the little market segment that's made up of
> guys like me (go read Joel Spolsky's essay on differential pricing called
> Camels & Rubber Duckies for hints). I'm not sure there are enough people in
> my position to justify their going to the trouble, but I wish they would.
>

_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave