|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Security discussion: Summary of proposals and criteria (was Re: Security vulnerability process, and CVE-2012-0217)
On 07/09/12 15:35, Keir Fraser wrote: > On 09/07/2012 14:25, "Joanna Rutkowska" <joanna@xxxxxxxxxxxxxxxxxxxxxx> > wrote: > >>> >> If you're into security industry (going to conferences, etc) you >>> >> certainly know the right people who would be delight to buy exploits >>> >> from you, believe me ;) Probably most Xen developers don't fit into this >>> >> crowd, true, but then again, do you think it would be so hard for an >>> >> interested organization to approach one of the Xen developers on the >>> >> pre-disclousure list? How many would resist if they had a chance to cash >>> >> in some 7-figure number for this (I read in the press that hot >>> >> bugs/exploits sell for this amount actually)? >> > >> > (Correction: I meant a 6-figure number) > Thought I was in the wrong end of the business there for a while. ;) > > :) Yeah, I actually re-read my message when reading my 'xen-devel' folder, and spotted the typo. A few hundred bucks for an exploit -- still not bad IMHO... joanna. Attachment:
signature.asc _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |