Thursday, January 19, 2012

CPE: McAfee AudioParasitic: Episode 7: Vulnerability disclosure and Bounty Program


length: 00:14:16


Lots of people don’t seem to agree on what we said about vulnerability disclosure…
It’s like abortion – it causes such bipolar positions

People think one vulnerability is posted – they expect in 10 minutes the vendor will provide a patch … people don’t think that on the other side of the fence there are other people who will exploit it!!!!

I don’t think this is a winnable argument..

I don’t think they are very honest about the purpose of the Bounty Program…

Their intention is fame and money – get real!!!

When you buy a vulnerability from someone – where is the assurance that that person is not sharing it with the underground world??

At the end of the day the Bounty Program is a BRILLIANT marketing strategy.

The company gets a lot of PR – a huge amount of publicity – and completely ignores the people who are at risk..
