Poll: how much is source code for older, private fuzzers worth? The kind that doesn't find any new bugs anymore but could be built upon and/or reviewed for inspiration to write new fuzzers.
-
Replying to @berendjanwever
If you learned from free resources like phrack and similar publications I say the author has some obligation to publish it for free. It's a nice balance, make money on the front side (bugs) and give back when the fuzzer has served its purpose.
1 reply 0 retweets 0 likes -
Replying to @spoofyroot
Microsoft was dragged kicking and screaming by @k8em0 into supporting independent researchers like me through a bug bounty program but managed to keep me out of it through an unacceptable NDA. Suggesting that _I_ am not "giving back to the community" just adds insult to injury.
3 replies 0 retweets 7 likes -
Replying to @berendjanwever @spoofyroot
The original bug bounty programs I launched had no NDA. Sad times.
2 replies 0 retweets 2 likes -
You were probably under the employee/former employee NDA. Sad times.
1 reply 0 retweets 1 like -
Replying to @k8em0 @spoofyroot
No, if you want to be eligible for a bug bounty, you cannot give Microsoft *any* deadline for a fix. This effectively means in order to participate, you have to allow Microsoft to potentially never fix a security issue and stay quiet about it. This is not acceptable to me.
1 reply 1 retweet 3 likes -
Replying to @berendjanwever @spoofyroot
Oh no. That wasn't there when I left, I'm so sorry it's become so legally restrictive.
1 reply 0 retweets 1 like
It's not explicitly stated in any of the documents available online; it's their interpretation of Coordinated Vulnerability Disclosure (CVD). One of these days I really, really should blog about what happened in the months leading up to @InfiltrateCon last year.
-
Replying to @berendjanwever @k8em0 and
Looking forward to reading this blog post!
0 replies 0 retweets 1 like