Re: [Xen-devel] Security discussion: Summary of proposals and criteria (was Re: Security vulnerability process, and CVE-2012-0217)

On 07/09/12 15:35, Keir Fraser wrote:
> On 09/07/2012 14:25, "Joanna Rutkowska" <joanna@xxxxxxxxxxxxxxxxxxxxxx>
> wrote:
>> If you're into security industry (going to conferences, etc) you
>> certainly know the right people who would be delighted to buy exploits
>> from you, believe me ;) Probably most Xen developers don't fit into this
>> crowd, true, but then again, do you think it would be so hard for an
>> interested organization to approach one of the Xen developers on the
>> pre-disclosure list? How many would resist if they had a chance to cash
>> in some 7-figure number for this (I read in the press that hot
>> bugs/exploits sell for this amount actually)?
>>
>> (Correction: I meant a 6-figure number)
> Thought I was in the wrong end of the business there for a while. ;)

:) Yeah, I actually re-read my message when reading my 'xen-devel'
folder, and spotted the typo. A few hundred bucks for an exploit --
still not bad IMHO...

