再保险:[CVEPRI]处理由史蒂夫Christey发现新的漏洞

*马库斯·j·Ranum (mjr@NFR.NET) 000921年[32]:>我明白了。至少有人愿意诚实的>。目的是作为一种营销>自己?> >我唯一觉得这的人相当薄,跛>的理由吗?瘸腿的,有人试图让一个名字为自己?当然,你有权你的意见。>我知道了。自我满足吗?所以我猜所有人在学术界只是自我驱动,因为他们要求为他们的工作。猜猜看,这是人的本性。 If you can't feel good about your self and you work you may as well snuff yourself. > That's the reason I raised this issue. If folks are really > considering using cryptographic hashes and whatnot, just to > protect their ego-bragging rights, that seems like massive > technological overkill for what's really a social problem. > > I.e.: "grow up, guys." The realities of this business are that vulnerability disclosures are used as a marketing vehicle. You don't like it and can't do nothing better than calling it ego-bragging. > There's no similarity at all. I sell a product. It has tangible > value. Not ego value, not marketing value. And vulnerability information has not tangible value? That seems like a strange statement coming from you or any other IDS or vulnerability scanner vendor. After all you make your money from taking the same vulnerability information you say is worthless and making test and signatures for it and then selling it to customers at a high price without paying anything to the people that discovered the vulnerability. How are you different? You exchange your work for money. Someone else's exchanges their work for credit. You say that people are childish for wishing to get credit for their work, but you are not childish for wishing to get money from yours. Seems like a double standard to me. > It's only a cruel place if you're willing to tolerate such > behavior, Aleph. Sounds to me like sour grapes. > mjr. > ----- > Marcus J. Ranum > Chief Technology Officer, Network Flight Recorder, Inc. > Work:http://www.nfr.net>个人:http://www.ranum.com——伊莱亚斯利维SecurityFocus.comhttp://www.securityfocus.com/如果那么,对位小独木船