Re: [Full-disclosure] iDefense Q-1 2007 Challenge
More importantly, the company that I am working with is no different
than iDefense. In fact, they both sell their exploits and harvested research
to the same people. The only real difference is in the amount of money that
the researcher realizes when the transactions are complete. This difference
is a direct result of low corporate overhead.
[...]
IDefense is reselling these exploits to the same third parties as the
business that I work for, or at least I assume that they are. Both
iDefense
and our buyers use the exact same list of software targets.
Is there a reason you are withholding the name of the company you work
with? Inquiring minds want to know. We all know about iDefense.
(The added secrecy makes one suspicious...)
Lastly, all transactions require that the researcher engage the company
that I work with in a tight contract. This contract ensures that both
parties are legitimate and also protects both parties. They don't do that on
the black market do they?
Surely someone who was going to break one law would have no qualms
about breaking another (ie. contract law)...
Tim Newsham
http://www.thenewsh.com/~newsham/