On Mon, Jul 25, 2005 at 02:03:51PM +0000, Ghaith Nasrawi wrote: > as it was announced few minutes ago that "3Com launches > vulnerability-buying program" (through TippingPoint, a company 3Com > acquired earlier this year) > > http://www.securityfocus.com/news/11253 > http://www.zerodayinitiative.com/ > > so what do you think about this step? Obviously, they are trying to > fight public disclosure of security vunl's (that why bugtraq exists) > and buy the information so they can have 0day signatures to > TippingPoint IPS solution. It's probably pretty good for TippingPoint customers. Seems pretty reasonable from a commercial point-of-view -- if enough extra people buy the software to offset the cost of the purchases, then it's a win for 3Com. I doubt that they'll be offering the sort of money that is going to make a real clueful zombiemaster roll over and play ball, however, so in the same way that paying police informants hasn't eradicated crime, I don't think this is going to be a solution to the problem. It's an interesting take on the situation, though. - Matt
Attachment:
signature.asc
Description: Digital signature